1 | /* original parser id follows */ |
---|
2 | /* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ |
---|
3 | /* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ |
---|
4 | |
---|
5 | #define YYBYACC 1 |
---|
6 | #define YYMAJOR 1 |
---|
7 | #define YYMINOR 9 |
---|
8 | #define YYPATCH 20170201 |
---|
9 | |
---|
10 | #define YYEMPTY (-1) |
---|
11 | #define yyclearin (yychar = YYEMPTY) |
---|
12 | #define yyerrok (yyerrflag = 0) |
---|
13 | #define YYRECOVERING() (yyerrflag != 0) |
---|
14 | #define YYENOMEM (-2) |
---|
15 | #define YYEOF 0 |
---|
16 | |
---|
17 | #ifndef yyparse |
---|
18 | #define yyparse racoonyyparse |
---|
19 | #endif /* yyparse */ |
---|
20 | |
---|
21 | #ifndef yylex |
---|
22 | #define yylex racoonyylex |
---|
23 | #endif /* yylex */ |
---|
24 | |
---|
25 | #ifndef yyerror |
---|
26 | #define yyerror racoonyyerror |
---|
27 | #endif /* yyerror */ |
---|
28 | |
---|
29 | #ifndef yychar |
---|
30 | #define yychar racoonyychar |
---|
31 | #endif /* yychar */ |
---|
32 | |
---|
33 | #ifndef yyval |
---|
34 | #define yyval racoonyyval |
---|
35 | #endif /* yyval */ |
---|
36 | |
---|
37 | #ifndef yylval |
---|
38 | #define yylval racoonyylval |
---|
39 | #endif /* yylval */ |
---|
40 | |
---|
41 | #ifndef yydebug |
---|
42 | #define yydebug racoonyydebug |
---|
43 | #endif /* yydebug */ |
---|
44 | |
---|
45 | #ifndef yynerrs |
---|
46 | #define yynerrs racoonyynerrs |
---|
47 | #endif /* yynerrs */ |
---|
48 | |
---|
49 | #ifndef yyerrflag |
---|
50 | #define yyerrflag racoonyyerrflag |
---|
51 | #endif /* yyerrflag */ |
---|
52 | |
---|
53 | #ifndef yylhs |
---|
54 | #define yylhs racoonyylhs |
---|
55 | #endif /* yylhs */ |
---|
56 | |
---|
57 | #ifndef yylen |
---|
58 | #define yylen racoonyylen |
---|
59 | #endif /* yylen */ |
---|
60 | |
---|
61 | #ifndef yydefred |
---|
62 | #define yydefred racoonyydefred |
---|
63 | #endif /* yydefred */ |
---|
64 | |
---|
65 | #ifndef yydgoto |
---|
66 | #define yydgoto racoonyydgoto |
---|
67 | #endif /* yydgoto */ |
---|
68 | |
---|
69 | #ifndef yysindex |
---|
70 | #define yysindex racoonyysindex |
---|
71 | #endif /* yysindex */ |
---|
72 | |
---|
73 | #ifndef yyrindex |
---|
74 | #define yyrindex racoonyyrindex |
---|
75 | #endif /* yyrindex */ |
---|
76 | |
---|
77 | #ifndef yygindex |
---|
78 | #define yygindex racoonyygindex |
---|
79 | #endif /* yygindex */ |
---|
80 | |
---|
81 | #ifndef yytable |
---|
82 | #define yytable racoonyytable |
---|
83 | #endif /* yytable */ |
---|
84 | |
---|
85 | #ifndef yycheck |
---|
86 | #define yycheck racoonyycheck |
---|
87 | #endif /* yycheck */ |
---|
88 | |
---|
89 | #ifndef yyname |
---|
90 | #define yyname racoonyyname |
---|
91 | #endif /* yyname */ |
---|
92 | |
---|
93 | #ifndef yyrule |
---|
94 | #define yyrule racoonyyrule |
---|
95 | #endif /* yyrule */ |
---|
96 | #define YYPREFIX "racoonyy" |
---|
97 | |
---|
98 | #define YYPURE 0 |
---|
99 | |
---|
100 | #line 6 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
101 | /* |
---|
102 | * Copyright (C) 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002 and 2003 WIDE Project. |
---|
103 | * All rights reserved. |
---|
104 | * |
---|
105 | * Redistribution and use in source and binary forms, with or without |
---|
106 | * modification, are permitted provided that the following conditions |
---|
107 | * are met: |
---|
108 | * 1. Redistributions of source code must retain the above copyright |
---|
109 | * notice, this list of conditions and the following disclaimer. |
---|
110 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
111 | * notice, this list of conditions and the following disclaimer in the |
---|
112 | * documentation and/or other materials provided with the distribution. |
---|
113 | * 3. Neither the name of the project nor the names of its contributors |
---|
114 | * may be used to endorse or promote products derived from this software |
---|
115 | * without specific prior written permission. |
---|
116 | * |
---|
117 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
118 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
119 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
120 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
121 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
122 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
123 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
124 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
125 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
126 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
127 | * SUCH DAMAGE. |
---|
128 | */ |
---|
129 | |
---|
130 | #include "config.h" |
---|
131 | |
---|
132 | #include <sys/types.h> |
---|
133 | #include <sys/param.h> |
---|
134 | #include <sys/queue.h> |
---|
135 | #include <sys/socket.h> |
---|
136 | |
---|
137 | #include <netinet/in.h> |
---|
138 | #include PATH_IPSEC_H |
---|
139 | |
---|
140 | #ifdef ENABLE_HYBRID |
---|
141 | #include <arpa/inet.h> |
---|
142 | #endif |
---|
143 | |
---|
144 | #include <stdlib.h> |
---|
145 | #include <stdio.h> |
---|
146 | #include <string.h> |
---|
147 | #include <errno.h> |
---|
148 | #include <netdb.h> |
---|
149 | #include <pwd.h> |
---|
150 | #include <grp.h> |
---|
151 | |
---|
152 | #include "var.h" |
---|
153 | #include "misc.h" |
---|
154 | #include "vmbuf.h" |
---|
155 | #include "plog.h" |
---|
156 | #include "sockmisc.h" |
---|
157 | #include "str2val.h" |
---|
158 | #include "genlist.h" |
---|
159 | #include "debug.h" |
---|
160 | |
---|
161 | #include "admin.h" |
---|
162 | #include "privsep.h" |
---|
163 | #include "cfparse_proto.h" |
---|
164 | #include "cftoken_proto.h" |
---|
165 | #include "algorithm.h" |
---|
166 | #include "localconf.h" |
---|
167 | #include "policy.h" |
---|
168 | #include "sainfo.h" |
---|
169 | #include "oakley.h" |
---|
170 | #include "pfkey.h" |
---|
171 | #include "remoteconf.h" |
---|
172 | #include "grabmyaddr.h" |
---|
173 | #include "isakmp_var.h" |
---|
174 | #include "handler.h" |
---|
175 | #include "isakmp.h" |
---|
176 | #include "nattraversal.h" |
---|
177 | #include "isakmp_frag.h" |
---|
178 | #ifdef ENABLE_HYBRID |
---|
179 | #include "resolv.h" |
---|
180 | #include "isakmp_unity.h" |
---|
181 | #include "isakmp_xauth.h" |
---|
182 | #include "isakmp_cfg.h" |
---|
183 | #endif |
---|
184 | #include "ipsec_doi.h" |
---|
185 | #include "strnames.h" |
---|
186 | #include "gcmalloc.h" |
---|
187 | #ifdef HAVE_GSSAPI |
---|
188 | #include "gssapi.h" |
---|
189 | #endif |
---|
190 | #include "vendorid.h" |
---|
191 | #include "rsalist.h" |
---|
192 | #include "crypto_openssl.h" |
---|
193 | |
---|
/*
 * One security-protocol specification collected while a proposal is being
 * parsed.  Entries are chained into a doubly linked list through
 * next/prev.
 *
 * NOTE(review): gssid and remote are raw pointers; who allocates and frees
 * them is not visible in this part of the file -- confirm before changing
 * any copy or free path.
 */
struct secprotospec {
	int prop_no;
	int trns_no;
	int strength;			/* for isakmp/ipsec */
	int encklen;			/* for isakmp/ipsec */
	time_t lifetime;		/* for isakmp */
	int lifebyte;			/* for isakmp */
	int proto_id;			/* for ipsec (isakmp?) */
	int ipsec_level;		/* for ipsec */
	int encmode;			/* for ipsec */
	int vendorid;			/* for isakmp */
	char *gssid;
	struct sockaddr *remote;
	int algclass[MAXALGCLASS];	/* one slot per algorithm class */

	/* List linkage: the tail is the most preferred entry. */
	struct secprotospec *next;
	struct secprotospec *prev;
};
---|
212 | |
---|
/*
 * Lookup table from a small integer to the matching OAKLEY_ATTR_GRP_DESC_*
 * constant.  Populated slots are 1-5 and 14-18; every other slot,
 * including 0, holds 0.
 *
 * NOTE(review): presumably indexed by the numeric dh_group/pfs_group value
 * taken from the configuration -- callers are outside this view, so confirm
 * that the index is range-checked against the table length before use.
 *
 * Hardening note: slots 1 and 2 (768- and 1024-bit MODP) and the EC2N
 * groups are generally regarded as too weak for new deployments; a
 * configuration review should favour slot 14 (2048-bit MODP) or larger.
 */
static int num2dhgroup[] = {
	0,				/*  0 */
	OAKLEY_ATTR_GRP_DESC_MODP768,	/*  1 */
	OAKLEY_ATTR_GRP_DESC_MODP1024,	/*  2 */
	OAKLEY_ATTR_GRP_DESC_EC2N155,	/*  3 */
	OAKLEY_ATTR_GRP_DESC_EC2N185,	/*  4 */
	OAKLEY_ATTR_GRP_DESC_MODP1536,	/*  5 */
	0, 0, 0, 0,			/*  6 -  9 */
	0, 0, 0, 0,			/* 10 - 13 */
	OAKLEY_ATTR_GRP_DESC_MODP2048,	/* 14 */
	OAKLEY_ATTR_GRP_DESC_MODP3072,	/* 15 */
	OAKLEY_ATTR_GRP_DESC_MODP4096,	/* 16 */
	OAKLEY_ATTR_GRP_DESC_MODP6144,	/* 17 */
	OAKLEY_ATTR_GRP_DESC_MODP8192	/* 18 */
};
---|
234 | |
---|
/*
 * File-local parser state.  The grammar is not reentrant (YYPURE is 0), so
 * the section currently being built lives in these statics.
 */
static struct remoteconf *cur_rmconf;	/* remote section checked by process_rmconf() */
static struct sainfo *cur_sainfo;
static int cur_algclass;
static int tmpalgtype[MAXALGCLASS];
static int oldloglevel = LLV_BASE;

/* Proposal-spec list helpers. */
static struct secprotospec *newspspec __P((void));
static void insspspec __P((struct remoteconf *, struct secprotospec *));
void dupspspec_list __P((struct remoteconf *dst, struct remoteconf *src));
void flushspspec __P((struct remoteconf *));

/* Admin socket configuration. */
static void adminsock_conf __P((vchar_t *, vchar_t *, vchar_t *, int));

/* ISAKMP proposal construction. */
static int set_isakmp_proposal __P((struct remoteconf *));
static void clean_tmpalgtype __P((void));
static int expand_isakmpspec __P((int, int, int *,
	int, int, time_t, int, int, int, char *, struct remoteconf *));

void freeetypes(struct etypes **etypes);
---|
253 | |
---|
/*
 * Load an X.509 certificate named in the configuration.
 *
 * The on-disk path is built by getpathname() with LC_PATHTYPE_CERT and the
 * certificate is read with eay_get_x509cert().
 *
 *   file         certificate file name as written in the configuration
 *   filenameptr  receives a racoon_strdup() copy of `file` on success
 *   certptr      receives the result of eay_get_x509cert(); NULL on failure
 *
 * Returns 0 on success and -1 when the certificate could not be loaded, in
 * which case *filenameptr is left untouched.  STRDUP_FATAL() handles a
 * failed duplication of the name.
 *
 * NOTE(review): getpathname() is called without checking a result, so it
 * is not visible here whether an over-long name is truncated into `path`
 * or whether `file` is confined to the certificate directory -- confirm
 * against getpathname() before relying on either.
 */
static int
load_x509(const char *file, char **filenameptr, vchar_t **certptr)
{
	char certpath[PATH_MAX];
	vchar_t *cert;

	getpathname(certpath, sizeof(certpath), LC_PATHTYPE_CERT, file);

	cert = eay_get_x509cert(certpath);
	*certptr = cert;
	if (cert == NULL)
		return -1;

	/* Remember the name exactly as configured, not the resolved path. */
	*filenameptr = racoon_strdup(file);
	STRDUP_FATAL(*filenameptr);

	return 0;
}
---|
269 | |
---|
/*
 * Validate the remote section accumulated in cur_rmconf and register it
 * with insrmconf().
 *
 * Checks, in order:
 *   - at least one exchange mode is configured;
 *   - an undefined identifier type defaults to IDTYPE_ADDRESS;
 *   - an ASN1DN identifier has an explicit value or a certificate file;
 *   - duprmconf_finish() and set_isakmp_proposal() succeed;
 *   - if aggressive mode is allowed, all proposals share one DH group and
 *     oakley_setdhgroup() accepts it.
 *
 * Returns 0 on success, -1 on any failure (most failure paths report
 * through yyerror() first).
 */
static int process_rmconf()
{
	/* An exchange mode is mandatory. */
	if (cur_rmconf->etypes == NULL) {
		yyerror("no exchange mode specified.\n");
		return -1;
	}

	if (cur_rmconf->idvtype == IDTYPE_UNDEFINED)
		cur_rmconf->idvtype = IDTYPE_ADDRESS;

	if (cur_rmconf->idvtype == IDTYPE_ASN1DN) {
		/* Neither an explicit DN nor a certificate to take it from. */
		if (!cur_rmconf->mycertfile && !cur_rmconf->idv) {
			yyerror("ASN1 ID not specified "
				"and no CERT defined!\n");
			return -1;
		}

		/*
		 * Both present: accepted with a warning.  A DN given without
		 * a certificate (asn1dn without X.509) passes silently.
		 * TODO: Preparse the DN here
		 */
		if (cur_rmconf->mycertfile && cur_rmconf->idv)
			yywarn("Both CERT and ASN1 ID "
			       "are set. Hope this is OK.\n");
	}

	if (duprmconf_finish(cur_rmconf))
		return -1;

	if (set_isakmp_proposal(cur_rmconf) != 0)
		return -1;

	/*
	 * In IKEv1 aggressive mode the initiator sends its key-exchange
	 * payload in the first message, so the DH group cannot be negotiated;
	 * every proposal must therefore name the same group.
	 */
	if (check_etypeok(cur_rmconf, (void*) ISAKMP_ETYPE_AGG)) {
		struct isakmpsa *sa;
		int group = 0;

		/*
		 * NOTE(review): a proposal whose dh_group is 0 is tolerated
		 * as long as no non-zero group has been seen before it, so
		 * this check depends on proposal order -- confirm that
		 * set_isakmp_proposal() never leaves dh_group at 0.
		 */
		for (sa = cur_rmconf->proposal; sa != NULL; sa = sa->next) {
			if (group != 0 && group != sa->dh_group) {
				yyerror("DH group must be equal "
					"in all proposals "
					"when aggressive mode is "
					"used.\n");
				return -1;
			}
			group = sa->dh_group;
		}
		cur_rmconf->dh_group = group;

		if (cur_rmconf->dh_group == 0) {
			yyerror("DH group must be set in the proposal.\n");
			return -1;
		}

		/* Resolve the agreed group number into cur_rmconf->dhgrp. */
		if (oakley_setdhgroup(cur_rmconf->dh_group,
		    &cur_rmconf->dhgrp) < 0) {
			yyerror("failed to set DH value.\n");
			return -1;
		}
	}

	insrmconf(cur_rmconf);

	return 0;
}
---|
339 | |
---|
340 | #ifdef YYSTYPE |
---|
341 | #undef YYSTYPE_IS_DECLARED |
---|
342 | #define YYSTYPE_IS_DECLARED 1 |
---|
343 | #endif |
---|
344 | #ifndef YYSTYPE_IS_DECLARED |
---|
345 | #define YYSTYPE_IS_DECLARED 1 |
---|
346 | #line 247 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
347 | typedef union { |
---|
348 | unsigned long num; |
---|
349 | vchar_t *val; |
---|
350 | struct remoteconf *rmconf; |
---|
351 | struct sockaddr *saddr; |
---|
352 | struct sainfoalg *alg; |
---|
353 | } YYSTYPE; |
---|
354 | #endif /* !YYSTYPE_IS_DECLARED */ |
---|
355 | #line 356 "racoonyy.tab.c" |
---|
356 | |
---|
357 | /* compatibility with bison */ |
---|
358 | #ifdef YYPARSE_PARAM |
---|
359 | /* compatibility with FreeBSD */ |
---|
360 | # ifdef YYPARSE_PARAM_TYPE |
---|
361 | # define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) |
---|
362 | # else |
---|
363 | # define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) |
---|
364 | # endif |
---|
365 | #else |
---|
366 | # define YYPARSE_DECL() yyparse(void) |
---|
367 | #endif |
---|
368 | |
---|
369 | /* Parameters sent to lex. */ |
---|
370 | #ifdef YYLEX_PARAM |
---|
371 | # define YYLEX_DECL() yylex(void *YYLEX_PARAM) |
---|
372 | # define YYLEX yylex(YYLEX_PARAM) |
---|
373 | #else |
---|
374 | # define YYLEX_DECL() yylex(void) |
---|
375 | # define YYLEX yylex() |
---|
376 | #endif |
---|
377 | |
---|
378 | /* Parameters sent to yyerror. */ |
---|
379 | #ifndef YYERROR_DECL |
---|
380 | #define YYERROR_DECL() yyerror(const char *s) |
---|
381 | #endif |
---|
382 | #ifndef YYERROR_CALL |
---|
383 | #define YYERROR_CALL(msg) yyerror(msg) |
---|
384 | #endif |
---|
385 | |
---|
386 | extern int YYPARSE_DECL(); |
---|
387 | |
---|
388 | #define PRIVSEP 257 |
---|
389 | #define USER 258 |
---|
390 | #define GROUP 259 |
---|
391 | #define CHROOT 260 |
---|
392 | #define PATH 261 |
---|
393 | #define PATHTYPE 262 |
---|
394 | #define INCLUDE 263 |
---|
395 | #define PFKEY_BUFFER 264 |
---|
396 | #define LOGGING 265 |
---|
397 | #define LOGLEV 266 |
---|
398 | #define PADDING 267 |
---|
399 | #define PAD_RANDOMIZE 268 |
---|
400 | #define PAD_RANDOMIZELEN 269 |
---|
401 | #define PAD_MAXLEN 270 |
---|
402 | #define PAD_STRICT 271 |
---|
403 | #define PAD_EXCLTAIL 272 |
---|
404 | #define LISTEN 273 |
---|
405 | #define X_ISAKMP 274 |
---|
406 | #define X_ISAKMP_NATT 275 |
---|
407 | #define X_ADMIN 276 |
---|
408 | #define STRICT_ADDRESS 277 |
---|
409 | #define ADMINSOCK 278 |
---|
410 | #define DISABLED 279 |
---|
411 | #define LDAPCFG 280 |
---|
412 | #define LDAP_HOST 281 |
---|
413 | #define LDAP_PORT 282 |
---|
414 | #define LDAP_PVER 283 |
---|
415 | #define LDAP_BASE 284 |
---|
416 | #define LDAP_BIND_DN 285 |
---|
417 | #define LDAP_BIND_PW 286 |
---|
418 | #define LDAP_SUBTREE 287 |
---|
419 | #define LDAP_ATTR_USER 288 |
---|
420 | #define LDAP_ATTR_ADDR 289 |
---|
421 | #define LDAP_ATTR_MASK 290 |
---|
422 | #define LDAP_ATTR_GROUP 291 |
---|
423 | #define LDAP_ATTR_MEMBER 292 |
---|
424 | #define RADCFG 293 |
---|
425 | #define RAD_AUTH 294 |
---|
426 | #define RAD_ACCT 295 |
---|
427 | #define RAD_TIMEOUT 296 |
---|
428 | #define RAD_RETRIES 297 |
---|
429 | #define MODECFG 298 |
---|
430 | #define CFG_NET4 299 |
---|
431 | #define CFG_MASK4 300 |
---|
432 | #define CFG_DNS4 301 |
---|
433 | #define CFG_NBNS4 302 |
---|
434 | #define CFG_DEFAULT_DOMAIN 303 |
---|
435 | #define CFG_AUTH_SOURCE 304 |
---|
436 | #define CFG_AUTH_GROUPS 305 |
---|
437 | #define CFG_SYSTEM 306 |
---|
438 | #define CFG_RADIUS 307 |
---|
439 | #define CFG_PAM 308 |
---|
440 | #define CFG_LDAP 309 |
---|
441 | #define CFG_LOCAL 310 |
---|
442 | #define CFG_NONE 311 |
---|
443 | #define CFG_GROUP_SOURCE 312 |
---|
444 | #define CFG_ACCOUNTING 313 |
---|
445 | #define CFG_CONF_SOURCE 314 |
---|
446 | #define CFG_MOTD 315 |
---|
447 | #define CFG_POOL_SIZE 316 |
---|
448 | #define CFG_AUTH_THROTTLE 317 |
---|
449 | #define CFG_SPLIT_NETWORK 318 |
---|
450 | #define CFG_SPLIT_LOCAL 319 |
---|
451 | #define CFG_SPLIT_INCLUDE 320 |
---|
452 | #define CFG_SPLIT_DNS 321 |
---|
453 | #define CFG_PFS_GROUP 322 |
---|
454 | #define CFG_SAVE_PASSWD 323 |
---|
455 | #define RETRY 324 |
---|
456 | #define RETRY_COUNTER 325 |
---|
457 | #define RETRY_INTERVAL 326 |
---|
458 | #define RETRY_PERSEND 327 |
---|
459 | #define RETRY_PHASE1 328 |
---|
460 | #define RETRY_PHASE2 329 |
---|
461 | #define NATT_KA 330 |
---|
462 | #define ALGORITHM_CLASS 331 |
---|
463 | #define ALGORITHMTYPE 332 |
---|
464 | #define STRENGTHTYPE 333 |
---|
465 | #define SAINFO 334 |
---|
466 | #define FROM 335 |
---|
467 | #define REMOTE 336 |
---|
468 | #define ANONYMOUS 337 |
---|
469 | #define CLIENTADDR 338 |
---|
470 | #define INHERIT 339 |
---|
471 | #define REMOTE_ADDRESS 340 |
---|
472 | #define EXCHANGE_MODE 341 |
---|
473 | #define EXCHANGETYPE 342 |
---|
474 | #define DOI 343 |
---|
475 | #define DOITYPE 344 |
---|
476 | #define SITUATION 345 |
---|
477 | #define SITUATIONTYPE 346 |
---|
478 | #define CERTIFICATE_TYPE 347 |
---|
479 | #define CERTTYPE 348 |
---|
480 | #define PEERS_CERTFILE 349 |
---|
481 | #define CA_TYPE 350 |
---|
482 | #define VERIFY_CERT 351 |
---|
483 | #define SEND_CERT 352 |
---|
484 | #define SEND_CR 353 |
---|
485 | #define MATCH_EMPTY_CR 354 |
---|
486 | #define IDENTIFIERTYPE 355 |
---|
487 | #define IDENTIFIERQUAL 356 |
---|
488 | #define MY_IDENTIFIER 357 |
---|
489 | #define PEERS_IDENTIFIER 358 |
---|
490 | #define VERIFY_IDENTIFIER 359 |
---|
491 | #define DNSSEC 360 |
---|
492 | #define CERT_X509 361 |
---|
493 | #define CERT_PLAINRSA 362 |
---|
494 | #define NONCE_SIZE 363 |
---|
495 | #define DH_GROUP 364 |
---|
496 | #define KEEPALIVE 365 |
---|
497 | #define PASSIVE 366 |
---|
498 | #define INITIAL_CONTACT 367 |
---|
499 | #define NAT_TRAVERSAL 368 |
---|
500 | #define REMOTE_FORCE_LEVEL 369 |
---|
501 | #define PROPOSAL_CHECK 370 |
---|
502 | #define PROPOSAL_CHECK_LEVEL 371 |
---|
503 | #define GENERATE_POLICY 372 |
---|
504 | #define GENERATE_LEVEL 373 |
---|
505 | #define SUPPORT_PROXY 374 |
---|
506 | #define PROPOSAL 375 |
---|
507 | #define EXEC_PATH 376 |
---|
508 | #define EXEC_COMMAND 377 |
---|
509 | #define EXEC_SUCCESS 378 |
---|
510 | #define EXEC_FAILURE 379 |
---|
511 | #define GSS_ID 380 |
---|
512 | #define GSS_ID_ENC 381 |
---|
513 | #define GSS_ID_ENCTYPE 382 |
---|
514 | #define COMPLEX_BUNDLE 383 |
---|
515 | #define DPD 384 |
---|
516 | #define DPD_DELAY 385 |
---|
517 | #define DPD_RETRY 386 |
---|
518 | #define DPD_MAXFAIL 387 |
---|
519 | #define PH1ID 388 |
---|
520 | #define XAUTH_LOGIN 389 |
---|
521 | #define WEAK_PHASE1_CHECK 390 |
---|
522 | #define REKEY 391 |
---|
523 | #define PREFIX 392 |
---|
524 | #define PORT 393 |
---|
525 | #define PORTANY 394 |
---|
526 | #define UL_PROTO 395 |
---|
527 | #define ANY 396 |
---|
528 | #define IKE_FRAG 397 |
---|
529 | #define ESP_FRAG 398 |
---|
530 | #define MODE_CFG 399 |
---|
531 | #define PFS_GROUP 400 |
---|
532 | #define LIFETIME 401 |
---|
533 | #define LIFETYPE_TIME 402 |
---|
534 | #define LIFETYPE_BYTE 403 |
---|
535 | #define STRENGTH 404 |
---|
536 | #define REMOTEID 405 |
---|
537 | #define SCRIPT 406 |
---|
538 | #define PHASE1_UP 407 |
---|
539 | #define PHASE1_DOWN 408 |
---|
540 | #define PHASE1_DEAD 409 |
---|
541 | #define NUMBER 410 |
---|
542 | #define SWITCH 411 |
---|
543 | #define BOOLEAN 412 |
---|
544 | #define HEXSTRING 413 |
---|
545 | #define QUOTEDSTRING 414 |
---|
546 | #define ADDRSTRING 415 |
---|
547 | #define ADDRRANGE 416 |
---|
548 | #define UNITTYPE_BYTE 417 |
---|
549 | #define UNITTYPE_KBYTES 418 |
---|
550 | #define UNITTYPE_MBYTES 419 |
---|
551 | #define UNITTYPE_TBYTES 420 |
---|
552 | #define UNITTYPE_SEC 421 |
---|
553 | #define UNITTYPE_MIN 422 |
---|
554 | #define UNITTYPE_HOUR 423 |
---|
555 | #define EOS 424 |
---|
556 | #define BOC 425 |
---|
557 | #define EOC 426 |
---|
558 | #define COMMA 427 |
---|
559 | #define YYERRCODE 256 |
---|
560 | typedef int YYINT; |
---|
561 | static const YYINT racoonyylhs[] = { -1, |
---|
562 | 0, 0, 14, 14, 14, 14, 14, 14, 14, 14, |
---|
563 | 14, 14, 14, 14, 14, 14, 14, 15, 30, 30, |
---|
564 | 32, 31, 33, 31, 34, 31, 35, 31, 36, 31, |
---|
565 | 37, 16, 38, 29, 17, 18, 19, 20, 39, 21, |
---|
566 | 40, 40, 42, 41, 43, 41, 44, 41, 45, 41, |
---|
567 | 46, 41, 22, 47, 47, 49, 48, 50, 48, 51, |
---|
568 | 48, 52, 48, 53, 48, 54, 48, 12, 5, 5, |
---|
569 | 55, 24, 56, 56, 58, 57, 59, 57, 60, 57, |
---|
570 | 61, 57, 62, 57, 63, 57, 64, 23, 65, 65, |
---|
571 | 67, 66, 68, 66, 69, 66, 70, 66, 71, 66, |
---|
572 | 72, 66, 73, 66, 74, 66, 75, 66, 76, 66, |
---|
573 | 77, 66, 78, 66, 25, 79, 79, 81, 80, 82, |
---|
574 | 80, 80, 80, 86, 80, 87, 80, 89, 80, 90, |
---|
575 | 80, 91, 80, 92, 80, 93, 80, 94, 80, 96, |
---|
576 | 80, 97, 80, 98, 80, 99, 80, 100, 80, 101, |
---|
577 | 80, 102, 80, 103, 80, 104, 80, 105, 80, 106, |
---|
578 | 80, 107, 80, 108, 80, 109, 80, 110, 80, 83, |
---|
579 | 83, 111, 84, 84, 112, 85, 85, 113, 95, 95, |
---|
580 | 114, 88, 88, 115, 26, 116, 116, 118, 117, 119, |
---|
581 | 117, 120, 117, 121, 117, 122, 117, 123, 117, 125, |
---|
582 | 128, 27, 124, 124, 124, 124, 124, 124, 9, 9, |
---|
583 | 9, 126, 126, 126, 127, 127, 130, 129, 131, 129, |
---|
584 | 132, 129, 133, 129, 135, 129, 134, 136, 134, 13, |
---|
585 | 3, 3, 4, 4, 4, 6, 6, 6, 1, 1, |
---|
586 | 138, 28, 140, 28, 141, 28, 142, 28, 137, 137, |
---|
587 | 139, 11, 11, 143, 143, 145, 144, 147, 144, 148, |
---|
588 | 144, 149, 144, 144, 151, 144, 152, 144, 153, 144, |
---|
589 | 154, 144, 155, 144, 156, 144, 157, 144, 158, 144, |
---|
590 | 159, 144, 160, 144, 161, 144, 162, 144, 163, 144, |
---|
591 | 164, 144, 165, 144, 166, 144, 167, 144, 168, 144, |
---|
592 | 169, 144, 170, 144, 171, 144, 172, 144, 173, 144, |
---|
593 | 174, 144, 175, 144, 176, 144, 177, 144, 178, 144, |
---|
594 | 179, 144, 180, 144, 181, 144, 182, 144, 183, 144, |
---|
595 | 184, 144, 185, 144, 186, 144, 187, 144, 188, 144, |
---|
596 | 189, 144, 190, 144, 191, 144, 192, 144, 193, 144, |
---|
597 | 146, 146, 195, 150, 196, 150, 2, 2, 10, 10, |
---|
598 | 10, 194, 194, 198, 197, 199, 197, 200, 197, 201, |
---|
599 | 197, 202, 197, 7, 7, 7, 8, 8, 8, 8, |
---|
600 | }; |
---|
601 | static const YYINT racoonyylen[] = { 2, |
---|
602 | 0, 2, 1, 1, 1, 1, 1, 1, 1, 1, |
---|
603 | 1, 1, 1, 1, 1, 1, 1, 4, 0, 2, |
---|
604 | 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
605 | 0, 5, 0, 4, 3, 3, 3, 3, 1, 4, |
---|
606 | 0, 2, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
607 | 0, 4, 4, 0, 2, 0, 4, 0, 4, 0, |
---|
608 | 7, 0, 4, 0, 4, 0, 3, 2, 0, 1, |
---|
609 | 0, 5, 0, 2, 0, 5, 0, 6, 0, 5, |
---|
610 | 0, 6, 0, 4, 0, 4, 0, 5, 0, 2, |
---|
611 | 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
612 | 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
613 | 0, 4, 0, 4, 4, 0, 2, 0, 4, 0, |
---|
614 | 4, 3, 3, 0, 5, 0, 5, 0, 4, 0, |
---|
615 | 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, |
---|
616 | 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, |
---|
617 | 4, 0, 4, 0, 4, 0, 4, 0, 4, 0, |
---|
618 | 4, 0, 4, 0, 4, 0, 4, 0, 4, 1, |
---|
619 | 3, 1, 1, 3, 1, 1, 3, 2, 1, 3, |
---|
620 | 1, 1, 3, 1, 4, 0, 2, 0, 4, 0, |
---|
621 | 5, 0, 4, 0, 5, 0, 5, 0, 5, 0, |
---|
622 | 0, 8, 1, 2, 2, 2, 2, 2, 5, 6, |
---|
623 | 2, 0, 3, 2, 0, 2, 0, 4, 0, 4, |
---|
624 | 0, 6, 0, 6, 0, 4, 1, 0, 4, 2, |
---|
625 | 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, |
---|
626 | 0, 6, 0, 4, 0, 6, 0, 4, 1, 1, |
---|
627 | 3, 2, 1, 0, 2, 0, 4, 0, 4, 0, |
---|
628 | 4, 0, 4, 2, 0, 4, 0, 5, 0, 5, |
---|
629 | 0, 4, 0, 5, 0, 4, 0, 4, 0, 4, |
---|
630 | 0, 4, 0, 5, 0, 6, 0, 4, 0, 5, |
---|
631 | 0, 6, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
632 | 0, 4, 0, 4, 0, 4, 0, 5, 0, 5, |
---|
633 | 0, 5, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
634 | 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
635 | 0, 4, 0, 4, 0, 4, 0, 4, 0, 4, |
---|
636 | 0, 4, 0, 6, 0, 4, 0, 6, 0, 5, |
---|
637 | 0, 2, 0, 5, 0, 4, 1, 1, 0, 1, |
---|
638 | 1, 0, 2, 0, 6, 0, 6, 0, 4, 0, |
---|
639 | 4, 0, 5, 1, 1, 1, 1, 1, 1, 1, |
---|
640 | }; |
---|
641 | static const YYINT racoonyydefred[] = { 1, |
---|
642 | 0, 0, 0, 0, 0, 0, 0, 0, 87, 71, |
---|
643 | 0, 0, 200, 0, 0, 0, 2, 3, 4, 5, |
---|
644 | 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, |
---|
645 | 16, 17, 19, 0, 0, 0, 39, 0, 41, 54, |
---|
646 | 0, 0, 116, 186, 0, 0, 0, 0, 0, 253, |
---|
647 | 0, 33, 0, 31, 35, 36, 38, 0, 0, 89, |
---|
648 | 73, 0, 0, 0, 0, 0, 0, 70, 252, 0, |
---|
649 | 0, 68, 0, 0, 37, 0, 0, 0, 0, 18, |
---|
650 | 20, 0, 0, 0, 0, 0, 0, 40, 42, 0, |
---|
651 | 0, 66, 0, 53, 55, 0, 0, 0, 0, 0, |
---|
652 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
653 | 0, 0, 0, 0, 115, 117, 0, 0, 0, 0, |
---|
654 | 0, 0, 185, 187, 204, 205, 211, 0, 206, 207, |
---|
655 | 208, 0, 0, 0, 241, 254, 244, 245, 248, 34, |
---|
656 | 23, 21, 27, 25, 29, 32, 43, 45, 47, 49, |
---|
657 | 51, 56, 58, 0, 64, 0, 0, 0, 0, 0, |
---|
658 | 0, 0, 0, 0, 0, 0, 0, 0, 88, 90, |
---|
659 | 0, 0, 0, 0, 72, 74, 118, 120, 172, 0, |
---|
660 | 0, 175, 0, 0, 130, 132, 134, 136, 138, 181, |
---|
661 | 140, 0, 142, 144, 148, 150, 152, 146, 164, 166, |
---|
662 | 162, 168, 154, 160, 0, 0, 184, 128, 0, 156, |
---|
663 | 158, 188, 0, 192, 0, 0, 0, 232, 0, 0, |
---|
664 | 214, 0, 215, 0, 0, 0, 0, 0, 0, 0, |
---|
665 | 0, 0, 0, 0, 0, 0, 0, 0, 67, 0, |
---|
666 | 0, 0, 93, 95, 91, 97, 101, 103, 99, 105, |
---|
667 | 107, 109, 111, 113, 0, 0, 83, 85, 0, 0, |
---|
668 | 122, 0, 123, 0, 0, 0, 0, 0, 0, 0, |
---|
669 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
670 | 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, |
---|
671 | 0, 0, 374, 375, 376, 190, 0, 194, 196, 198, |
---|
672 | 0, 234, 235, 0, 361, 360, 213, 0, 250, 242, |
---|
673 | 249, 0, 258, 0, 0, 0, 0, 0, 0, 0, |
---|
674 | 0, 0, 0, 0, 0, 0, 297, 0, 0, 0, |
---|
675 | 0, 0, 0, 349, 0, 0, 0, 0, 0, 0, |
---|
676 | 0, 0, 0, 0, 0, 0, 0, 251, 255, 246, |
---|
677 | 24, 22, 28, 26, 30, 44, 46, 48, 50, 52, |
---|
678 | 57, 59, 65, 0, 63, 0, 0, 0, 0, 0, |
---|
679 | 0, 0, 0, 0, 0, 0, 0, 0, 75, 0, |
---|
680 | 79, 0, 0, 119, 121, 171, 174, 131, 133, 135, |
---|
681 | 137, 139, 141, 180, 143, 145, 149, 151, 153, 147, |
---|
682 | 165, 167, 163, 169, 155, 161, 178, 0, 0, 0, |
---|
683 | 129, 183, 157, 159, 189, 0, 193, 0, 0, 0, |
---|
684 | 0, 237, 238, 236, 209, 225, 0, 0, 0, 0, |
---|
685 | 216, 256, 351, 260, 262, 0, 0, 264, 271, 0, |
---|
686 | 0, 265, 0, 275, 277, 279, 281, 0, 0, 293, |
---|
687 | 295, 0, 299, 323, 327, 325, 345, 319, 317, 321, |
---|
688 | 0, 329, 331, 333, 335, 341, 287, 315, 339, 337, |
---|
689 | 303, 301, 305, 313, 0, 0, 0, 60, 94, 96, |
---|
690 | 92, 98, 102, 104, 100, 106, 108, 110, 112, 114, |
---|
691 | 77, 0, 81, 0, 84, 86, 177, 125, 127, 191, |
---|
692 | 195, 197, 199, 210, 0, 357, 358, 217, 0, 0, |
---|
693 | 219, 202, 0, 0, 0, 0, 0, 355, 0, 267, |
---|
694 | 269, 0, 273, 0, 0, 0, 0, 0, 283, 0, |
---|
695 | 289, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
696 | 0, 0, 362, 0, 0, 0, 0, 0, 0, 0, |
---|
697 | 0, 0, 0, 0, 0, 0, 0, 0, 307, 309, |
---|
698 | 311, 0, 0, 76, 0, 80, 0, 0, 0, 0, |
---|
699 | 0, 0, 0, 257, 352, 259, 261, 263, 353, 0, |
---|
700 | 272, 0, 0, 266, 0, 276, 278, 280, 282, 285, |
---|
701 | 0, 291, 0, 294, 296, 298, 300, 324, 328, 326, |
---|
702 | 346, 320, 318, 322, 0, 330, 332, 334, 336, 342, |
---|
703 | 288, 316, 340, 338, 304, 302, 306, 314, 343, 377, |
---|
704 | 378, 379, 380, 347, 0, 0, 0, 61, 78, 82, |
---|
705 | 240, 230, 0, 226, 218, 221, 223, 220, 0, 356, |
---|
706 | 268, 270, 274, 0, 284, 0, 290, 0, 0, 0, |
---|
707 | 0, 350, 363, 0, 0, 308, 310, 312, 0, 0, |
---|
708 | 0, 354, 286, 292, 0, 368, 370, 0, 0, 344, |
---|
709 | 348, 229, 222, 224, 372, 0, 0, 0, 0, 0, |
---|
710 | 369, 371, 364, 366, 373, 0, 0, 365, 367, |
---|
711 | }; |
---|
712 | static const YYINT racoonyydgoto[] = { 1, |
---|
713 | 632, 508, 220, 304, 69, 425, 296, 624, 66, 307, |
---|
714 | 49, 50, 568, 17, 18, 19, 20, 21, 22, 23, |
---|
715 | 24, 25, 26, 27, 28, 29, 30, 31, 32, 53, |
---|
716 | 81, 228, 227, 230, 229, 231, 82, 76, 38, 58, |
---|
717 | 89, 232, 233, 234, 235, 236, 59, 95, 237, 238, |
---|
718 | 562, 242, 240, 154, 42, 97, 176, 492, 563, 494, |
---|
719 | 565, 382, 383, 41, 96, 170, 368, 366, 367, 369, |
---|
720 | 372, 370, 371, 373, 374, 375, 376, 377, 62, 116, |
---|
721 | 259, 260, 180, 183, 285, 409, 410, 208, 288, 265, |
---|
722 | 266, 267, 268, 269, 191, 270, 272, 273, 277, 274, |
---|
723 | 275, 276, 282, 290, 291, 283, 280, 278, 279, 281, |
---|
724 | 181, 184, 286, 192, 209, 63, 124, 292, 416, 297, |
---|
725 | 418, 419, 420, 67, 45, 134, 308, 430, 431, 570, |
---|
726 | 573, 660, 661, 569, 505, 633, 310, 224, 311, 71, |
---|
727 | 226, 74, 225, 349, 513, 514, 433, 515, 516, 438, |
---|
728 | 522, 582, 583, 519, 585, 524, 525, 526, 527, 591, |
---|
729 | 644, 549, 593, 646, 532, 533, 452, 535, 554, 553, |
---|
730 | 555, 625, 626, 627, 556, 550, 541, 540, 542, 536, |
---|
731 | 538, 537, 544, 545, 546, 547, 552, 551, 548, 654, |
---|
732 | 539, 655, 461, 605, 639, 580, 653, 686, 687, 676, |
---|
733 | 677, 680, |
---|
734 | }; |
---|
735 | static const YYINT racoonyysindex[] = { 0, |
---|
736 | -193, -348, -174, -292, -306, -130, -266, -246, 0, 0, |
---|
737 | -244, -234, 0, -268, -217, -216, 0, 0, 0, 0, |
---|
738 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
739 | 0, 0, 0, -264, -220, -191, 0, -168, 0, 0, |
---|
740 | -219, -196, 0, 0, -252, -185, -146, -185, -108, 0, |
---|
741 | -164, 0, -251, 0, 0, 0, 0, -257, -258, 0, |
---|
742 | 0, -256, -275, -231, -321, -242, -218, 0, 0, -171, |
---|
743 | -163, 0, -255, -163, 0, -159, -284, -282, -143, 0, |
---|
744 | 0, -152, -138, -137, -134, -132, -131, 0, 0, -128, |
---|
745 | -128, 0, -261, 0, 0, -260, -259, -127, -126, -125, |
---|
746 | -124, -129, -122, -121, -200, -209, -136, -120, -118, -115, |
---|
747 | -165, -117, -114, -113, 0, 0, -111, -110, -109, -106, |
---|
748 | -105, -104, 0, 0, 0, 0, 0, -308, 0, 0, |
---|
749 | 0, -112, -80, -148, 0, 0, 0, 0, 0, 0, |
---|
750 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
751 | 0, 0, 0, -142, 0, -103, -102, -101, -100, -99, |
---|
752 | -98, -97, -93, -95, -94, -92, -91, -90, 0, 0, |
---|
753 | -89, -88, -96, -83, 0, 0, 0, 0, 0, -141, |
---|
754 | -149, 0, -116, -86, 0, 0, 0, 0, 0, 0, |
---|
755 | 0, -84, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
756 | 0, 0, 0, 0, -85, -85, 0, 0, -82, 0, |
---|
757 | 0, 0, -201, 0, -201, -201, -201, 0, -79, -195, |
---|
758 | 0, -199, 0, -172, -140, -172, -78, -77, -76, -75, |
---|
759 | -74, -73, -72, -71, -70, -69, -67, -66, 0, -65, |
---|
760 | -81, -64, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
761 | 0, 0, 0, 0, -265, -262, 0, 0, -63, -62, |
---|
762 | 0, -125, 0, -124, -61, -60, -59, -58, -57, -56, |
---|
763 | -121, -55, -54, -53, -52, -51, -50, -49, -48, -47, |
---|
764 | -46, -45, -44, -11, -43, 0, -43, -42, -117, -41, |
---|
765 | -39, -38, 0, 0, 0, 0, -37, 0, 0, 0, |
---|
766 | -195, 0, 0, -238, 0, 0, 0, -289, 0, 0, |
---|
767 | 0, -128, 0, -23, -18, -107, -270, -32, -22, -21, |
---|
768 | -20, -19, -24, -17, -16, -14, 0, -13, -12, -293, |
---|
769 | -68, -310, -10, 0, -9, -7, -6, -5, -4, -199, |
---|
770 | -3, -288, -286, -1, 1, -139, -26, 0, 0, 0, |
---|
771 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
772 | 0, 0, 0, 3, 0, -31, -30, -27, -8, -2, |
---|
773 | 2, 4, 5, 6, 7, 8, 9, 10, 0, 11, |
---|
774 | 0, 12, 13, 0, 0, 0, 0, 0, 0, 0, |
---|
775 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
776 | 0, 0, 0, 0, 0, 0, 0, -85, 14, 15, |
---|
777 | 0, 0, 0, 0, 0, 16, 0, 17, 18, 19, |
---|
778 | -238, 0, 0, 0, 0, 0, -254, -135, 24, -145, |
---|
779 | 0, 0, 0, 0, 0, 21, 30, 0, 0, 31, |
---|
780 | 32, 0, 33, 0, 0, 0, 0, -281, -277, 0, |
---|
781 | 0, -254, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
782 | -25, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
783 | 0, 0, 0, 0, 38, 39, -167, 0, 0, 0, |
---|
784 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
785 | 0, 26, 0, 27, 0, 0, 0, 0, 0, 0, |
---|
786 | 0, 0, 0, 0, 75, 0, 0, 0, 42, 43, |
---|
787 | 0, 0, 34, -303, 35, 36, 40, 0, 37, 0, |
---|
788 | 0, 41, 0, 44, 45, 46, 47, -199, 0, -199, |
---|
789 | 0, 48, 49, 50, 51, 52, 53, 54, 55, 56, |
---|
790 | 57, 58, 0, 59, 60, 61, 62, 64, 65, 66, |
---|
791 | 67, 68, 69, 70, 71, 72, -201, -181, 0, 0, |
---|
792 | 0, 73, 74, 0, 76, 0, 77, 0, 78, 79, |
---|
793 | -201, -181, 80, 0, 0, 0, 0, 0, 0, 81, |
---|
794 | 0, 82, 83, 0, 84, 0, 0, 0, 0, 0, |
---|
795 | 85, 0, 86, 0, 0, 0, 0, 0, 0, 0, |
---|
796 | 0, 0, 0, 0, -291, 0, 0, 0, 0, 0, |
---|
797 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
798 | 0, 0, 0, 0, 87, 88, 89, 0, 0, 0, |
---|
799 | 0, 0, 28, 0, 0, 0, 0, 0, 90, 0, |
---|
800 | 0, 0, 0, 91, 0, 92, 0, 95, -254, 103, |
---|
801 | -133, 0, 0, 94, 96, 0, 0, 0, 75, 97, |
---|
802 | 98, 0, 0, 0, 77, 0, 0, 109, 113, 0, |
---|
803 | 0, 0, 0, 0, 0, 100, 101, -201, -181, 102, |
---|
804 | 0, 0, 0, 0, 0, 104, 105, 0, 0, |
---|
805 | }; |
---|
806 | static const YYINT racoonyyrindex[] = { 0, |
---|
807 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
808 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
809 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
810 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
811 | 0, 0, 0, 0, 0, -305, -15, -305, 106, 0, |
---|
812 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
813 | 0, 0, 0, -249, 0, 0, 107, 0, 0, 0, |
---|
814 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
815 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
816 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
817 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
818 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
819 | 0, 0, 0, 0, 0, 0, 0, -232, 0, 0, |
---|
820 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
821 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
822 | 0, 0, 0, 0, 0, 110, 0, 0, 0, 0, |
---|
823 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
824 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
825 | 111, 0, 0, 112, 0, 0, 0, 0, 0, 0, |
---|
826 | 0, 114, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
827 | 0, 0, 0, 0, 0, 0, 0, 0, 115, 0, |
---|
828 | 0, 0, 0, 0, 0, 0, 0, 0, -232, -213, |
---|
829 | 0, 108, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
830 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
831 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
832 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
833 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
834 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
835 | 0, 0, 0, 0, 116, 0, 117, 0, 0, 0, |
---|
836 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
837 | -213, 0, 0, 0, 0, 0, 0, -119, 0, 0, |
---|
838 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
839 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
840 | 0, 0, 0, 0, 0, 0, 0, 0, 0, -70, |
---|
841 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
842 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
843 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
844 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
845 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
846 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
847 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
848 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
849 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
850 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
851 | 0, 0, 0, 0, 0, 0, 0, -70, -70, 0, |
---|
852 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
853 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
854 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
855 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
856 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
857 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
858 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
859 | 0, 0, 0, 0, 0, 0, 0, -70, 0, -70, |
---|
860 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
861 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
862 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
863 | 0, 0, 0, 0, 0, 0, -285, -247, 0, 0, |
---|
864 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
865 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
866 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
867 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
868 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
869 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
870 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
871 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
872 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
873 | 0, 0, 0, 0, -142, 0, 0, 0, 0, 0, |
---|
874 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
875 | 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
876 | }; |
---|
877 | static const YYINT racoonyygindex[] = { 0, /* Generated by byacc; regenerate from the grammar instead of editing by hand. NOTE(review): presumably the per-nonterminal goto offsets into racoonyytable - confirm against the parser loop, which is outside this section. */ |
---|
878 | -381, -447, 120, 119, 284, 121, -215, -539, 63, -334, |
---|
879 | 261, -87, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
880 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
881 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
882 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
883 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
884 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
885 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
886 | 0, 0, 149, 150, 129, 0, 0, 126, 0, 0, |
---|
887 | 0, 0, 0, 0, 146, 0, 0, 0, 0, 0, |
---|
888 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
889 | 0, 0, 93, 0, 0, 0, 0, 0, 0, 0, |
---|
890 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
891 | 0, 0, 0, -323, 0, 0, 192, 0, 118, 0, |
---|
892 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
893 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
894 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
895 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
896 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
897 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
898 | 0, 0, |
---|
899 | }; |
---|
900 | #define YYTABLESIZE 542 /* Highest valid index of racoonyytable and racoonyycheck: each holds 543 entries (0..542). Any index into either table has to be range-checked against YYTABLESIZE first. NOTE(review): the indexing code is outside this section - confirm it does so. */ |
---|
901 | static const YYINT racoonyytable[] = { 298, /* Generated by byacc; regenerate from the grammar, never hand-edit. NOTE(review): presumably the packed action/goto table - confirm against the parser loop. */ |
---|
902 | 299, 300, 152, 153, 534, 467, 77, 78, 79, 203, |
---|
903 | 83, 84, 85, 86, 87, 90, 91, 155, 92, 93, |
---|
904 | 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, |
---|
905 | 167, 168, 637, 69, 171, 172, 173, 174, 575, 648, |
---|
906 | 132, 426, 98, 99, 100, 101, 102, 103, 104, 117, |
---|
907 | 118, 119, 120, 121, 122, 105, 106, 107, 108, 109, |
---|
908 | 110, 111, 458, 2, 112, 113, 114, 3, 46, 4, |
---|
909 | 5, 6, 649, 7, 528, 455, 33, 506, 530, 8, |
---|
910 | 469, 46, 471, 218, 64, 203, 9, 34, 650, 439, |
---|
911 | 440, 441, 127, 128, 129, 130, 195, 196, 197, 10, |
---|
912 | 459, 198, 65, 36, 11, 193, 125, 219, 194, 651, |
---|
913 | 427, 428, 65, 529, 531, 429, 133, 456, 69, 69, |
---|
914 | 576, 35, 470, 65, 472, 141, 126, 143, 131, 142, |
---|
915 | 12, 144, 305, 306, 652, 37, 305, 306, 239, 684, |
---|
916 | 13, 239, 14, 442, 378, 47, 48, 380, 379, 54, |
---|
917 | 123, 381, 156, 205, 206, 507, 422, 423, 39, 48, |
---|
918 | 231, 231, 231, 231, 51, 169, 175, 94, 88, 115, |
---|
919 | 199, 424, 200, 201, 80, 203, 227, 231, 40, 228, |
---|
920 | 43, 233, 233, 186, 187, 188, 189, 15, 137, 16, |
---|
921 | 44, 139, 70, 590, 52, 592, 233, 302, 303, 312, |
---|
922 | 313, 666, 314, 55, 315, 60, 316, 68, 317, 318, |
---|
923 | 319, 320, 321, 322, 305, 306, 323, 324, 325, 293, |
---|
924 | 294, 295, 326, 327, 432, 328, 329, 330, 61, 331, |
---|
925 | 73, 332, 56, 333, 334, 620, 621, 622, 623, 559, |
---|
926 | 560, 561, 135, 335, 336, 337, 338, 339, 340, 341, |
---|
927 | 342, 309, 136, 436, 437, 57, 343, 344, 345, 75, |
---|
928 | 346, 136, 475, 476, 140, 347, 509, 510, 668, 669, |
---|
929 | 145, 146, 147, 148, 222, 149, 223, 262, 150, 151, |
---|
930 | 512, 239, 261, 675, 185, 348, 48, 177, 178, 179, |
---|
931 | 182, 203, 190, 202, 204, 210, 207, 211, 212, 213, |
---|
932 | 214, 221, 457, 215, 216, 217, 201, 263, 244, 245, |
---|
933 | 241, 243, 218, 257, 246, 247, 248, 249, 250, 251, |
---|
934 | 434, 252, 253, 254, 255, 256, 258, 435, 443, 284, |
---|
935 | 448, 72, 364, 138, 287, 672, 0, 449, 301, 0, |
---|
936 | 264, 619, 271, 0, 289, 351, 352, 353, 354, 355, |
---|
937 | 356, 357, 358, 359, 360, 636, 361, 362, 363, 365, |
---|
938 | 384, 385, 388, 389, 390, 391, 392, 393, 395, 396, |
---|
939 | 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, |
---|
940 | 407, 411, 413, 408, 414, 415, 417, 477, 444, 445, |
---|
941 | 446, 447, 479, 480, 450, 451, 481, 453, 454, 543, |
---|
942 | 460, 462, 463, 464, 465, 466, 567, 468, 473, 243, |
---|
943 | 386, 474, 478, 387, 412, 482, 394, 350, 0, 421, |
---|
944 | 0, 483, 0, 491, 493, 484, 665, 485, 486, 487, |
---|
945 | 488, 489, 490, 511, 517, 495, 496, 498, 499, 500, |
---|
946 | 501, 502, 503, 518, 520, 521, 523, 557, 558, 564, |
---|
947 | 566, 571, 572, 579, 659, 0, 0, 574, 577, 578, |
---|
948 | 581, 0, 683, 0, 584, 0, 0, 586, 587, 588, |
---|
949 | 589, 594, 595, 596, 597, 598, 599, 600, 601, 602, |
---|
950 | 603, 604, 606, 607, 608, 609, 631, 610, 611, 612, |
---|
951 | 613, 614, 615, 616, 617, 618, 628, 629, 0, 630, |
---|
952 | 497, 634, 635, 638, 640, 641, 642, 643, 645, 647, |
---|
953 | 656, 657, 658, 662, 663, 664, 667, 670, 678, 671, |
---|
954 | 673, 674, 679, 681, 682, 685, 0, 688, 689, 0, |
---|
955 | 247, 212, 359, 62, 170, 173, 0, 179, 182, 124, |
---|
956 | 126, 504, |
---|
957 | }; |
---|
958 | static const YYINT racoonyycheck[] = { 215, /* Generated by byacc; holds 543 entries, the same count and indexing as racoonyytable. NOTE(review): presumably the parser trusts racoonyytable[i] only when racoonyycheck[i] equals the symbol being looked up, and the -1 entries look like slots no symbol owns - confirm in the parser loop, which is outside this section. */ |
---|
959 | 216, 217, 90, 91, 452, 340, 258, 259, 260, 259, |
---|
960 | 268, 269, 270, 271, 272, 274, 275, 279, 277, 278, |
---|
961 | 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, |
---|
962 | 291, 292, 572, 339, 294, 295, 296, 297, 342, 331, |
---|
963 | 259, 331, 299, 300, 301, 302, 303, 304, 305, 325, |
---|
964 | 326, 327, 328, 329, 330, 312, 313, 314, 315, 316, |
---|
965 | 317, 318, 373, 257, 321, 322, 323, 261, 337, 263, |
---|
966 | 264, 265, 364, 267, 356, 369, 425, 332, 356, 273, |
---|
967 | 369, 337, 369, 392, 337, 335, 280, 262, 380, 360, |
---|
968 | 361, 362, 414, 415, 337, 338, 306, 307, 308, 293, |
---|
969 | 411, 311, 355, 410, 298, 306, 338, 416, 309, 401, |
---|
970 | 400, 401, 355, 448, 449, 405, 335, 411, 424, 425, |
---|
971 | 424, 414, 411, 355, 411, 410, 64, 410, 66, 414, |
---|
972 | 324, 414, 414, 415, 426, 266, 414, 415, 424, 679, |
---|
973 | 334, 427, 336, 414, 410, 414, 415, 410, 414, 414, |
---|
974 | 426, 414, 414, 319, 320, 410, 395, 396, 425, 415, |
---|
975 | 393, 394, 395, 396, 382, 426, 426, 426, 426, 426, |
---|
976 | 307, 410, 309, 310, 426, 425, 424, 410, 425, 427, |
---|
977 | 425, 395, 396, 306, 307, 308, 309, 381, 71, 383, |
---|
978 | 425, 74, 339, 528, 411, 530, 410, 393, 394, 340, |
---|
979 | 341, 649, 343, 424, 345, 425, 347, 393, 349, 350, |
---|
980 | 351, 352, 353, 354, 414, 415, 357, 358, 359, 421, |
---|
981 | 422, 423, 363, 364, 312, 366, 367, 368, 425, 370, |
---|
982 | 339, 372, 424, 374, 375, 417, 418, 419, 420, 407, |
---|
983 | 408, 409, 414, 384, 385, 386, 387, 388, 389, 390, |
---|
984 | 391, 424, 425, 361, 362, 424, 397, 398, 399, 424, |
---|
985 | 401, 425, 402, 403, 424, 406, 402, 403, 402, 403, |
---|
986 | 414, 424, 411, 411, 355, 410, 425, 427, 411, 411, |
---|
987 | 426, 424, 424, 665, 414, 426, 415, 415, 415, 415, |
---|
988 | 415, 410, 414, 414, 410, 410, 414, 411, 410, 410, |
---|
989 | 410, 414, 371, 410, 410, 410, 426, 424, 410, 410, |
---|
990 | 414, 414, 392, 410, 414, 414, 414, 411, 414, 414, |
---|
991 | 344, 414, 414, 414, 414, 414, 410, 346, 361, 415, |
---|
992 | 355, 48, 414, 73, 206, 659, -1, 355, 219, -1, |
---|
993 | 427, 557, 427, -1, 427, 424, 424, 424, 424, 424, |
---|
994 | 424, 424, 424, 424, 424, 571, 424, 424, 424, 424, |
---|
995 | 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, |
---|
996 | 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, |
---|
997 | 392, 424, 424, 427, 424, 424, 424, 414, 411, 411, |
---|
998 | 411, 411, 424, 424, 411, 410, 424, 411, 411, 425, |
---|
999 | 411, 411, 410, 410, 410, 410, 332, 411, 410, 425, |
---|
1000 | 262, 411, 410, 264, 289, 424, 271, 226, -1, 301, |
---|
1001 | -1, 424, -1, 414, 414, 424, 332, 424, 424, 424, |
---|
1002 | 424, 424, 424, 410, 414, 424, 424, 424, 424, 424, |
---|
1003 | 424, 424, 424, 414, 414, 414, 414, 410, 410, 424, |
---|
1004 | 424, 410, 410, 414, 427, -1, -1, 424, 424, 424, |
---|
1005 | 424, -1, 678, -1, 424, -1, -1, 424, 424, 424, |
---|
1006 | 424, 424, 424, 424, 424, 424, 424, 424, 424, 424, |
---|
1007 | 424, 424, 424, 424, 424, 424, 410, 424, 424, 424, |
---|
1008 | 424, 424, 424, 424, 424, 424, 424, 424, -1, 424, |
---|
1009 | 408, 424, 424, 424, 424, 424, 424, 424, 424, 424, |
---|
1010 | 424, 424, 424, 424, 424, 424, 414, 424, 410, 424, |
---|
1011 | 424, 424, 410, 424, 424, 424, -1, 424, 424, -1, |
---|
1012 | 425, 425, 425, 424, 424, 424, -1, 424, 424, 424, |
---|
1013 | 424, 421, |
---|
1014 | }; |
---|
1015 | #define YYFINAL 1 /* NOTE(review): presumably the accepting parser state - generated value, confirm against the parser loop. */ |
---|
1016 | #ifndef YYDEBUG /* Debug support is off unless the build defines YYDEBUG; the token-name and rule string tables that follow are compiled only when it is non-zero. */ |
---|
1017 | #define YYDEBUG 0 |
---|
1018 | #endif |
---|
1019 | #define YYMAXTOKEN 427 /* Highest token number that has a name in racoonyyname (COMMA). */ |
---|
1020 | #define YYUNDFTOKEN 632 /* Index of the "illegal-symbol" entry in racoonyyname. */ |
---|
1021 | #define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) /* Maps anything above YYMAXTOKEN to YYUNDFTOKEN. Negative values pass through unchanged, so a caller that uses the result as an index into racoonyyname has to rule out a negative token (YYEMPTY is -1) first. The argument is evaluated twice; pass no expression with side effects. */ |
---|
1022 | #if YYDEBUG |
---|
1023 | static const char *const racoonyyname[] = { /* Debug-only token-name table (inside #if YYDEBUG), indexed by token number: index 0 is "end-of-file", the named tokens run from 257 (PRIVSEP) to 427 (COMMA, equal to YYMAXTOKEN), and index 632 (YYUNDFTOKEN) is "illegal-symbol". Every other slot is a null pointer, so a looked-up name has to be checked for null before it is printed. */ |
---|
1024 | |
---|
1025 | "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1026 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1027 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1028 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1029 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1030 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1031 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"PRIVSEP","USER","GROUP","CHROOT", |
---|
1032 | "PATH","PATHTYPE","INCLUDE","PFKEY_BUFFER","LOGGING","LOGLEV","PADDING", |
---|
1033 | "PAD_RANDOMIZE","PAD_RANDOMIZELEN","PAD_MAXLEN","PAD_STRICT","PAD_EXCLTAIL", |
---|
1034 | "LISTEN","X_ISAKMP","X_ISAKMP_NATT","X_ADMIN","STRICT_ADDRESS","ADMINSOCK", |
---|
1035 | "DISABLED","LDAPCFG","LDAP_HOST","LDAP_PORT","LDAP_PVER","LDAP_BASE", |
---|
1036 | "LDAP_BIND_DN","LDAP_BIND_PW","LDAP_SUBTREE","LDAP_ATTR_USER","LDAP_ATTR_ADDR", |
---|
1037 | "LDAP_ATTR_MASK","LDAP_ATTR_GROUP","LDAP_ATTR_MEMBER","RADCFG","RAD_AUTH", |
---|
1038 | "RAD_ACCT","RAD_TIMEOUT","RAD_RETRIES","MODECFG","CFG_NET4","CFG_MASK4", |
---|
1039 | "CFG_DNS4","CFG_NBNS4","CFG_DEFAULT_DOMAIN","CFG_AUTH_SOURCE","CFG_AUTH_GROUPS", |
---|
1040 | "CFG_SYSTEM","CFG_RADIUS","CFG_PAM","CFG_LDAP","CFG_LOCAL","CFG_NONE", |
---|
1041 | "CFG_GROUP_SOURCE","CFG_ACCOUNTING","CFG_CONF_SOURCE","CFG_MOTD", |
---|
1042 | "CFG_POOL_SIZE","CFG_AUTH_THROTTLE","CFG_SPLIT_NETWORK","CFG_SPLIT_LOCAL", |
---|
1043 | "CFG_SPLIT_INCLUDE","CFG_SPLIT_DNS","CFG_PFS_GROUP","CFG_SAVE_PASSWD","RETRY", |
---|
1044 | "RETRY_COUNTER","RETRY_INTERVAL","RETRY_PERSEND","RETRY_PHASE1","RETRY_PHASE2", |
---|
1045 | "NATT_KA","ALGORITHM_CLASS","ALGORITHMTYPE","STRENGTHTYPE","SAINFO","FROM", |
---|
1046 | "REMOTE","ANONYMOUS","CLIENTADDR","INHERIT","REMOTE_ADDRESS","EXCHANGE_MODE", |
---|
1047 | "EXCHANGETYPE","DOI","DOITYPE","SITUATION","SITUATIONTYPE","CERTIFICATE_TYPE", |
---|
1048 | "CERTTYPE","PEERS_CERTFILE","CA_TYPE","VERIFY_CERT","SEND_CERT","SEND_CR", |
---|
1049 | "MATCH_EMPTY_CR","IDENTIFIERTYPE","IDENTIFIERQUAL","MY_IDENTIFIER", |
---|
1050 | "PEERS_IDENTIFIER","VERIFY_IDENTIFIER","DNSSEC","CERT_X509","CERT_PLAINRSA", |
---|
1051 | "NONCE_SIZE","DH_GROUP","KEEPALIVE","PASSIVE","INITIAL_CONTACT","NAT_TRAVERSAL", |
---|
1052 | "REMOTE_FORCE_LEVEL","PROPOSAL_CHECK","PROPOSAL_CHECK_LEVEL","GENERATE_POLICY", |
---|
1053 | "GENERATE_LEVEL","SUPPORT_PROXY","PROPOSAL","EXEC_PATH","EXEC_COMMAND", |
---|
1054 | "EXEC_SUCCESS","EXEC_FAILURE","GSS_ID","GSS_ID_ENC","GSS_ID_ENCTYPE", |
---|
1055 | "COMPLEX_BUNDLE","DPD","DPD_DELAY","DPD_RETRY","DPD_MAXFAIL","PH1ID", |
---|
1056 | "XAUTH_LOGIN","WEAK_PHASE1_CHECK","REKEY","PREFIX","PORT","PORTANY","UL_PROTO", |
---|
1057 | "ANY","IKE_FRAG","ESP_FRAG","MODE_CFG","PFS_GROUP","LIFETIME","LIFETYPE_TIME", |
---|
1058 | "LIFETYPE_BYTE","STRENGTH","REMOTEID","SCRIPT","PHASE1_UP","PHASE1_DOWN", |
---|
1059 | "PHASE1_DEAD","NUMBER","SWITCH","BOOLEAN","HEXSTRING","QUOTEDSTRING", |
---|
1060 | "ADDRSTRING","ADDRRANGE","UNITTYPE_BYTE","UNITTYPE_KBYTES","UNITTYPE_MBYTES", |
---|
1061 | "UNITTYPE_TBYTES","UNITTYPE_SEC","UNITTYPE_MIN","UNITTYPE_HOUR","EOS","BOC", |
---|
1062 | "EOC","COMMA",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1063 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1064 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1065 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1066 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
1067 | 0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol", |
---|
1068 | }; |
---|
1069 | static const char *const racoonyyrule[] = { |
---|
1070 | "$accept : statements", |
---|
1071 | "statements :", |
---|
1072 | "statements : statements statement", |
---|
1073 | "statement : privsep_statement", |
---|
1074 | "statement : path_statement", |
---|
1075 | "statement : include_statement", |
---|
1076 | "statement : pfkey_statement", |
---|
1077 | "statement : gssenc_statement", |
---|
1078 | "statement : logging_statement", |
---|
1079 | "statement : padding_statement", |
---|
1080 | "statement : listen_statement", |
---|
1081 | "statement : ldapcfg_statement", |
---|
1082 | "statement : radcfg_statement", |
---|
1083 | "statement : modecfg_statement", |
---|
1084 | "statement : timer_statement", |
---|
1085 | "statement : sainfo_statement", |
---|
1086 | "statement : remote_statement", |
---|
1087 | "statement : special_statement", |
---|
1088 | "privsep_statement : PRIVSEP BOC privsep_stmts EOC", |
---|
1089 | "privsep_stmts :", |
---|
1090 | "privsep_stmts : privsep_stmts privsep_stmt", |
---|
1091 | "$$1 :", |
---|
1092 | "privsep_stmt : USER QUOTEDSTRING $$1 EOS", |
---|
1093 | "$$2 :", |
---|
1094 | "privsep_stmt : USER NUMBER $$2 EOS", |
---|
1095 | "$$3 :", |
---|
1096 | "privsep_stmt : GROUP QUOTEDSTRING $$3 EOS", |
---|
1097 | "$$4 :", |
---|
1098 | "privsep_stmt : GROUP NUMBER $$4 EOS", |
---|
1099 | "$$5 :", |
---|
1100 | "privsep_stmt : CHROOT QUOTEDSTRING $$5 EOS", |
---|
1101 | "$$6 :", |
---|
1102 | "path_statement : PATH PATHTYPE QUOTEDSTRING $$6 EOS", |
---|
1103 | "$$7 :", |
---|
1104 | "special_statement : COMPLEX_BUNDLE SWITCH $$7 EOS", |
---|
1105 | "include_statement : INCLUDE QUOTEDSTRING EOS", |
---|
1106 | "pfkey_statement : PFKEY_BUFFER NUMBER EOS", |
---|
1107 | "gssenc_statement : GSS_ID_ENC GSS_ID_ENCTYPE EOS", |
---|
1108 | "logging_statement : LOGGING log_level EOS", |
---|
1109 | "log_level : LOGLEV", |
---|
1110 | "padding_statement : PADDING BOC padding_stmts EOC", |
---|
1111 | "padding_stmts :", |
---|
1112 | "padding_stmts : padding_stmts padding_stmt", |
---|
1113 | "$$8 :", |
---|
1114 | "padding_stmt : PAD_RANDOMIZE SWITCH $$8 EOS", |
---|
1115 | "$$9 :", |
---|
1116 | "padding_stmt : PAD_RANDOMIZELEN SWITCH $$9 EOS", |
---|
1117 | "$$10 :", |
---|
1118 | "padding_stmt : PAD_MAXLEN NUMBER $$10 EOS", |
---|
1119 | "$$11 :", |
---|
1120 | "padding_stmt : PAD_STRICT SWITCH $$11 EOS", |
---|
1121 | "$$12 :", |
---|
1122 | "padding_stmt : PAD_EXCLTAIL SWITCH $$12 EOS", |
---|
1123 | "listen_statement : LISTEN BOC listen_stmts EOC", |
---|
1124 | "listen_stmts :", |
---|
1125 | "listen_stmts : listen_stmts listen_stmt", |
---|
1126 | "$$13 :", |
---|
1127 | "listen_stmt : X_ISAKMP ike_addrinfo_port $$13 EOS", |
---|
1128 | "$$14 :", |
---|
1129 | "listen_stmt : X_ISAKMP_NATT ike_addrinfo_port $$14 EOS", |
---|
1130 | "$$15 :", |
---|
1131 | "listen_stmt : ADMINSOCK QUOTEDSTRING QUOTEDSTRING QUOTEDSTRING NUMBER $$15 EOS", |
---|
1132 | "$$16 :", |
---|
1133 | "listen_stmt : ADMINSOCK QUOTEDSTRING $$16 EOS", |
---|
1134 | "$$17 :", |
---|
1135 | "listen_stmt : ADMINSOCK DISABLED $$17 EOS", |
---|
1136 | "$$18 :", |
---|
1137 | "listen_stmt : STRICT_ADDRESS $$18 EOS", |
---|
1138 | "ike_addrinfo_port : ADDRSTRING ike_port", |
---|
1139 | "ike_port :", |
---|
1140 | "ike_port : PORT", |
---|
1141 | "$$19 :", |
---|
1142 | "radcfg_statement : RADCFG $$19 BOC radcfg_stmts EOC", |
---|
1143 | "radcfg_stmts :", |
---|
1144 | "radcfg_stmts : radcfg_stmts radcfg_stmt", |
---|
1145 | "$$20 :", |
---|
1146 | "radcfg_stmt : RAD_AUTH QUOTEDSTRING QUOTEDSTRING $$20 EOS", |
---|
1147 | "$$21 :", |
---|
1148 | "radcfg_stmt : RAD_AUTH QUOTEDSTRING NUMBER QUOTEDSTRING $$21 EOS", |
---|
1149 | "$$22 :", |
---|
1150 | "radcfg_stmt : RAD_ACCT QUOTEDSTRING QUOTEDSTRING $$22 EOS", |
---|
1151 | "$$23 :", |
---|
1152 | "radcfg_stmt : RAD_ACCT QUOTEDSTRING NUMBER QUOTEDSTRING $$23 EOS", |
---|
1153 | "$$24 :", |
---|
1154 | "radcfg_stmt : RAD_TIMEOUT NUMBER $$24 EOS", |
---|
1155 | "$$25 :", |
---|
1156 | "radcfg_stmt : RAD_RETRIES NUMBER $$25 EOS", |
---|
1157 | "$$26 :", |
---|
1158 | "ldapcfg_statement : LDAPCFG $$26 BOC ldapcfg_stmts EOC", |
---|
1159 | "ldapcfg_stmts :", |
---|
1160 | "ldapcfg_stmts : ldapcfg_stmts ldapcfg_stmt", |
---|
1161 | "$$27 :", |
---|
1162 | "ldapcfg_stmt : LDAP_PVER NUMBER $$27 EOS", |
---|
1163 | "$$28 :", |
---|
1164 | "ldapcfg_stmt : LDAP_HOST QUOTEDSTRING $$28 EOS", |
---|
1165 | "$$29 :", |
---|
1166 | "ldapcfg_stmt : LDAP_PORT NUMBER $$29 EOS", |
---|
1167 | "$$30 :", |
---|
1168 | "ldapcfg_stmt : LDAP_BASE QUOTEDSTRING $$30 EOS", |
---|
1169 | "$$31 :", |
---|
1170 | "ldapcfg_stmt : LDAP_SUBTREE SWITCH $$31 EOS", |
---|
1171 | "$$32 :", |
---|
1172 | "ldapcfg_stmt : LDAP_BIND_DN QUOTEDSTRING $$32 EOS", |
---|
1173 | "$$33 :", |
---|
1174 | "ldapcfg_stmt : LDAP_BIND_PW QUOTEDSTRING $$33 EOS", |
---|
1175 | "$$34 :", |
---|
1176 | "ldapcfg_stmt : LDAP_ATTR_USER QUOTEDSTRING $$34 EOS", |
---|
1177 | "$$35 :", |
---|
1178 | "ldapcfg_stmt : LDAP_ATTR_ADDR QUOTEDSTRING $$35 EOS", |
---|
1179 | "$$36 :", |
---|
1180 | "ldapcfg_stmt : LDAP_ATTR_MASK QUOTEDSTRING $$36 EOS", |
---|
1181 | "$$37 :", |
---|
1182 | "ldapcfg_stmt : LDAP_ATTR_GROUP QUOTEDSTRING $$37 EOS", |
---|
1183 | "$$38 :", |
---|
1184 | "ldapcfg_stmt : LDAP_ATTR_MEMBER QUOTEDSTRING $$38 EOS", |
---|
1185 | "modecfg_statement : MODECFG BOC modecfg_stmts EOC", |
---|
1186 | "modecfg_stmts :", |
---|
1187 | "modecfg_stmts : modecfg_stmts modecfg_stmt", |
---|
1188 | "$$39 :", |
---|
1189 | "modecfg_stmt : CFG_NET4 ADDRSTRING $$39 EOS", |
---|
1190 | "$$40 :", |
---|
1191 | "modecfg_stmt : CFG_MASK4 ADDRSTRING $$40 EOS", |
---|
1192 | "modecfg_stmt : CFG_DNS4 addrdnslist EOS", |
---|
1193 | "modecfg_stmt : CFG_NBNS4 addrwinslist EOS", |
---|
1194 | "$$41 :", |
---|
1195 | "modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_LOCAL splitnetlist $$41 EOS", |
---|
1196 | "$$42 :", |
---|
1197 | "modecfg_stmt : CFG_SPLIT_NETWORK CFG_SPLIT_INCLUDE splitnetlist $$42 EOS", |
---|
1198 | "$$43 :", |
---|
1199 | "modecfg_stmt : CFG_SPLIT_DNS splitdnslist $$43 EOS", |
---|
1200 | "$$44 :", |
---|
1201 | "modecfg_stmt : CFG_DEFAULT_DOMAIN QUOTEDSTRING $$44 EOS", |
---|
1202 | "$$45 :", |
---|
1203 | "modecfg_stmt : CFG_AUTH_SOURCE CFG_SYSTEM $$45 EOS", |
---|
1204 | "$$46 :", |
---|
1205 | "modecfg_stmt : CFG_AUTH_SOURCE CFG_RADIUS $$46 EOS", |
---|
1206 | "$$47 :", |
---|
1207 | "modecfg_stmt : CFG_AUTH_SOURCE CFG_PAM $$47 EOS", |
---|
1208 | "$$48 :", |
---|
1209 | "modecfg_stmt : CFG_AUTH_SOURCE CFG_LDAP $$48 EOS", |
---|
1210 | "$$49 :", |
---|
1211 | "modecfg_stmt : CFG_AUTH_GROUPS authgrouplist $$49 EOS", |
---|
1212 | "$$50 :", |
---|
1213 | "modecfg_stmt : CFG_GROUP_SOURCE CFG_SYSTEM $$50 EOS", |
---|
1214 | "$$51 :", |
---|
1215 | "modecfg_stmt : CFG_GROUP_SOURCE CFG_LDAP $$51 EOS", |
---|
1216 | "$$52 :", |
---|
1217 | "modecfg_stmt : CFG_ACCOUNTING CFG_NONE $$52 EOS", |
---|
1218 | "$$53 :", |
---|
1219 | "modecfg_stmt : CFG_ACCOUNTING CFG_SYSTEM $$53 EOS", |
---|
1220 | "$$54 :", |
---|
1221 | "modecfg_stmt : CFG_ACCOUNTING CFG_RADIUS $$54 EOS", |
---|
1222 | "$$55 :", |
---|
1223 | "modecfg_stmt : CFG_ACCOUNTING CFG_PAM $$55 EOS", |
---|
1224 | "$$56 :", |
---|
1225 | "modecfg_stmt : CFG_POOL_SIZE NUMBER $$56 EOS", |
---|
1226 | "$$57 :", |
---|
1227 | "modecfg_stmt : CFG_PFS_GROUP NUMBER $$57 EOS", |
---|
1228 | "$$58 :", |
---|
1229 | "modecfg_stmt : CFG_SAVE_PASSWD SWITCH $$58 EOS", |
---|
1230 | "$$59 :", |
---|
1231 | "modecfg_stmt : CFG_AUTH_THROTTLE NUMBER $$59 EOS", |
---|
1232 | "$$60 :", |
---|
1233 | "modecfg_stmt : CFG_CONF_SOURCE CFG_LOCAL $$60 EOS", |
---|
1234 | "$$61 :", |
---|
1235 | "modecfg_stmt : CFG_CONF_SOURCE CFG_RADIUS $$61 EOS", |
---|
1236 | "$$62 :", |
---|
1237 | "modecfg_stmt : CFG_CONF_SOURCE CFG_LDAP $$62 EOS", |
---|
1238 | "$$63 :", |
---|
1239 | "modecfg_stmt : CFG_MOTD QUOTEDSTRING $$63 EOS", |
---|
1240 | "addrdnslist : addrdns", |
---|
1241 | "addrdnslist : addrdns COMMA addrdnslist", |
---|
1242 | "addrdns : ADDRSTRING", |
---|
1243 | "addrwinslist : addrwins", |
---|
1244 | "addrwinslist : addrwins COMMA addrwinslist", |
---|
1245 | "addrwins : ADDRSTRING", |
---|
1246 | "splitnetlist : splitnet", |
---|
1247 | "splitnetlist : splitnetlist COMMA splitnet", |
---|
1248 | "splitnet : ADDRSTRING PREFIX", |
---|
1249 | "authgrouplist : authgroup", |
---|
1250 | "authgrouplist : authgroup COMMA authgrouplist", |
---|
1251 | "authgroup : QUOTEDSTRING", |
---|
1252 | "splitdnslist : splitdns", |
---|
1253 | "splitdnslist : splitdns COMMA splitdnslist", |
---|
1254 | "splitdns : QUOTEDSTRING", |
---|
1255 | "timer_statement : RETRY BOC timer_stmts EOC", |
---|
1256 | "timer_stmts :", |
---|
1257 | "timer_stmts : timer_stmts timer_stmt", |
---|
1258 | "$$64 :", |
---|
1259 | "timer_stmt : RETRY_COUNTER NUMBER $$64 EOS", |
---|
1260 | "$$65 :", |
---|
1261 | "timer_stmt : RETRY_INTERVAL NUMBER unittype_time $$65 EOS", |
---|
1262 | "$$66 :", |
---|
1263 | "timer_stmt : RETRY_PERSEND NUMBER $$66 EOS", |
---|
1264 | "$$67 :", |
---|
1265 | "timer_stmt : RETRY_PHASE1 NUMBER unittype_time $$67 EOS", |
---|
1266 | "$$68 :", |
---|
1267 | "timer_stmt : RETRY_PHASE2 NUMBER unittype_time $$68 EOS", |
---|
1268 | "$$69 :", |
---|
1269 | "timer_stmt : NATT_KA NUMBER unittype_time $$69 EOS", |
---|
1270 | "$$70 :", |
---|
1271 | "$$71 :", |
---|
1272 | "sainfo_statement : SAINFO $$70 sainfo_name sainfo_param BOC sainfo_specs $$71 EOC", |
---|
1273 | "sainfo_name : ANONYMOUS", |
---|
1274 | "sainfo_name : ANONYMOUS CLIENTADDR", |
---|
1275 | "sainfo_name : ANONYMOUS sainfo_id", |
---|
1276 | "sainfo_name : sainfo_id ANONYMOUS", |
---|
1277 | "sainfo_name : sainfo_id CLIENTADDR", |
---|
1278 | "sainfo_name : sainfo_id sainfo_id", |
---|
1279 | "sainfo_id : IDENTIFIERTYPE ADDRSTRING prefix port ul_proto", |
---|
1280 | "sainfo_id : IDENTIFIERTYPE ADDRSTRING ADDRRANGE prefix port ul_proto", |
---|
1281 | "sainfo_id : IDENTIFIERTYPE QUOTEDSTRING", |
---|
1282 | "sainfo_param :", |
---|
1283 | "sainfo_param : FROM IDENTIFIERTYPE identifierstring", |
---|
1284 | "sainfo_param : GROUP QUOTEDSTRING", |
---|
1285 | "sainfo_specs :", |
---|
1286 | "sainfo_specs : sainfo_specs sainfo_spec", |
---|
1287 | "$$72 :", |
---|
1288 | "sainfo_spec : PFS_GROUP dh_group_num $$72 EOS", |
---|
1289 | "$$73 :", |
---|
1290 | "sainfo_spec : REMOTEID NUMBER $$73 EOS", |
---|
1291 | "$$74 :", |
---|
1292 | "sainfo_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$74 EOS", |
---|
1293 | "$$75 :", |
---|
1294 | "sainfo_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$75 EOS", |
---|
1295 | "$$76 :", |
---|
1296 | "sainfo_spec : ALGORITHM_CLASS $$76 algorithms EOS", |
---|
1297 | "algorithms : algorithm", |
---|
1298 | "$$77 :", |
---|
1299 | "algorithms : algorithm $$77 COMMA algorithms", |
---|
1300 | "algorithm : ALGORITHMTYPE keylength", |
---|
1301 | "prefix :", |
---|
1302 | "prefix : PREFIX", |
---|
1303 | "port :", |
---|
1304 | "port : PORT", |
---|
1305 | "port : PORTANY", |
---|
1306 | "ul_proto : NUMBER", |
---|
1307 | "ul_proto : UL_PROTO", |
---|
1308 | "ul_proto : ANY", |
---|
1309 | "keylength :", |
---|
1310 | "keylength : NUMBER", |
---|
1311 | "$$78 :", |
---|
1312 | "remote_statement : REMOTE QUOTEDSTRING INHERIT QUOTEDSTRING $$78 remote_specs_inherit_block", |
---|
1313 | "$$79 :", |
---|
1314 | "remote_statement : REMOTE QUOTEDSTRING $$79 remote_specs_block", |
---|
1315 | "$$80 :", |
---|
1316 | "remote_statement : REMOTE remote_index INHERIT remote_index $$80 remote_specs_inherit_block", |
---|
1317 | "$$81 :", |
---|
1318 | "remote_statement : REMOTE remote_index $$81 remote_specs_block", |
---|
1319 | "remote_specs_inherit_block : remote_specs_block", |
---|
1320 | "remote_specs_inherit_block : EOS", |
---|
1321 | "remote_specs_block : BOC remote_specs EOC", |
---|
1322 | "remote_index : ANONYMOUS ike_port", |
---|
1323 | "remote_index : ike_addrinfo_port", |
---|
1324 | "remote_specs :", |
---|
1325 | "remote_specs : remote_specs remote_spec", |
---|
1326 | "$$82 :", |
---|
1327 | "remote_spec : REMOTE_ADDRESS ike_addrinfo_port $$82 EOS", |
---|
1328 | "$$83 :", |
---|
1329 | "remote_spec : EXCHANGE_MODE $$83 exchange_types EOS", |
---|
1330 | "$$84 :", |
---|
1331 | "remote_spec : DOI DOITYPE $$84 EOS", |
---|
1332 | "$$85 :", |
---|
1333 | "remote_spec : SITUATION SITUATIONTYPE $$85 EOS", |
---|
1334 | "remote_spec : CERTIFICATE_TYPE cert_spec", |
---|
1335 | "$$86 :", |
---|
1336 | "remote_spec : PEERS_CERTFILE QUOTEDSTRING $$86 EOS", |
---|
1337 | "$$87 :", |
---|
1338 | "remote_spec : PEERS_CERTFILE CERT_X509 QUOTEDSTRING $$87 EOS", |
---|
1339 | "$$88 :", |
---|
1340 | "remote_spec : PEERS_CERTFILE CERT_PLAINRSA QUOTEDSTRING $$88 EOS", |
---|
1341 | "$$89 :", |
---|
1342 | "remote_spec : PEERS_CERTFILE DNSSEC $$89 EOS", |
---|
1343 | "$$90 :", |
---|
1344 | "remote_spec : CA_TYPE CERT_X509 QUOTEDSTRING $$90 EOS", |
---|
1345 | "$$91 :", |
---|
1346 | "remote_spec : VERIFY_CERT SWITCH $$91 EOS", |
---|
1347 | "$$92 :", |
---|
1348 | "remote_spec : SEND_CERT SWITCH $$92 EOS", |
---|
1349 | "$$93 :", |
---|
1350 | "remote_spec : SEND_CR SWITCH $$93 EOS", |
---|
1351 | "$$94 :", |
---|
1352 | "remote_spec : MATCH_EMPTY_CR SWITCH $$94 EOS", |
---|
1353 | "$$95 :", |
---|
1354 | "remote_spec : MY_IDENTIFIER IDENTIFIERTYPE identifierstring $$95 EOS", |
---|
1355 | "$$96 :", |
---|
1356 | "remote_spec : MY_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$96 EOS", |
---|
1357 | "$$97 :", |
---|
1358 | "remote_spec : XAUTH_LOGIN identifierstring $$97 EOS", |
---|
1359 | "$$98 :", |
---|
1360 | "remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE identifierstring $$98 EOS", |
---|
1361 | "$$99 :", |
---|
1362 | "remote_spec : PEERS_IDENTIFIER IDENTIFIERTYPE IDENTIFIERQUAL identifierstring $$99 EOS", |
---|
1363 | "$$100 :", |
---|
1364 | "remote_spec : VERIFY_IDENTIFIER SWITCH $$100 EOS", |
---|
1365 | "$$101 :", |
---|
1366 | "remote_spec : NONCE_SIZE NUMBER $$101 EOS", |
---|
1367 | "$$102 :", |
---|
1368 | "remote_spec : DH_GROUP $$102 dh_group_num EOS", |
---|
1369 | "$$103 :", |
---|
1370 | "remote_spec : PASSIVE SWITCH $$103 EOS", |
---|
1371 | "$$104 :", |
---|
1372 | "remote_spec : IKE_FRAG SWITCH $$104 EOS", |
---|
1373 | "$$105 :", |
---|
1374 | "remote_spec : IKE_FRAG REMOTE_FORCE_LEVEL $$105 EOS", |
---|
1375 | "$$106 :", |
---|
1376 | "remote_spec : ESP_FRAG NUMBER $$106 EOS", |
---|
1377 | "$$107 :", |
---|
1378 | "remote_spec : SCRIPT QUOTEDSTRING PHASE1_UP $$107 EOS", |
---|
1379 | "$$108 :", |
---|
1380 | "remote_spec : SCRIPT QUOTEDSTRING PHASE1_DOWN $$108 EOS", |
---|
1381 | "$$109 :", |
---|
1382 | "remote_spec : SCRIPT QUOTEDSTRING PHASE1_DEAD $$109 EOS", |
---|
1383 | "$$110 :", |
---|
1384 | "remote_spec : MODE_CFG SWITCH $$110 EOS", |
---|
1385 | "$$111 :", |
---|
1386 | "remote_spec : WEAK_PHASE1_CHECK SWITCH $$111 EOS", |
---|
1387 | "$$112 :", |
---|
1388 | "remote_spec : GENERATE_POLICY SWITCH $$112 EOS", |
---|
1389 | "$$113 :", |
---|
1390 | "remote_spec : GENERATE_POLICY GENERATE_LEVEL $$113 EOS", |
---|
1391 | "$$114 :", |
---|
1392 | "remote_spec : SUPPORT_PROXY SWITCH $$114 EOS", |
---|
1393 | "$$115 :", |
---|
1394 | "remote_spec : INITIAL_CONTACT SWITCH $$115 EOS", |
---|
1395 | "$$116 :", |
---|
1396 | "remote_spec : NAT_TRAVERSAL SWITCH $$116 EOS", |
---|
1397 | "$$117 :", |
---|
1398 | "remote_spec : NAT_TRAVERSAL REMOTE_FORCE_LEVEL $$117 EOS", |
---|
1399 | "$$118 :", |
---|
1400 | "remote_spec : DPD SWITCH $$118 EOS", |
---|
1401 | "$$119 :", |
---|
1402 | "remote_spec : DPD_DELAY NUMBER $$119 EOS", |
---|
1403 | "$$120 :", |
---|
1404 | "remote_spec : DPD_RETRY NUMBER $$120 EOS", |
---|
1405 | "$$121 :", |
---|
1406 | "remote_spec : DPD_MAXFAIL NUMBER $$121 EOS", |
---|
1407 | "$$122 :", |
---|
1408 | "remote_spec : REKEY SWITCH $$122 EOS", |
---|
1409 | "$$123 :", |
---|
1410 | "remote_spec : REKEY REMOTE_FORCE_LEVEL $$123 EOS", |
---|
1411 | "$$124 :", |
---|
1412 | "remote_spec : PH1ID NUMBER $$124 EOS", |
---|
1413 | "$$125 :", |
---|
1414 | "remote_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$125 EOS", |
---|
1415 | "$$126 :", |
---|
1416 | "remote_spec : PROPOSAL_CHECK PROPOSAL_CHECK_LEVEL $$126 EOS", |
---|
1417 | "$$127 :", |
---|
1418 | "remote_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$127 EOS", |
---|
1419 | "$$128 :", |
---|
1420 | "remote_spec : PROPOSAL $$128 BOC isakmpproposal_specs EOC", |
---|
1421 | "exchange_types :", |
---|
1422 | "exchange_types : exchange_types EXCHANGETYPE", |
---|
1423 | "$$129 :", |
---|
1424 | "cert_spec : CERT_X509 QUOTEDSTRING QUOTEDSTRING $$129 EOS", |
---|
1425 | "$$130 :", |
---|
1426 | "cert_spec : CERT_PLAINRSA QUOTEDSTRING $$130 EOS", |
---|
1427 | "dh_group_num : ALGORITHMTYPE", |
---|
1428 | "dh_group_num : NUMBER", |
---|
1429 | "identifierstring :", |
---|
1430 | "identifierstring : ADDRSTRING", |
---|
1431 | "identifierstring : QUOTEDSTRING", |
---|
1432 | "isakmpproposal_specs :", |
---|
1433 | "isakmpproposal_specs : isakmpproposal_specs isakmpproposal_spec", |
---|
1434 | "$$131 :", |
---|
1435 | "isakmpproposal_spec : LIFETIME LIFETYPE_TIME NUMBER unittype_time $$131 EOS", |
---|
1436 | "$$132 :", |
---|
1437 | "isakmpproposal_spec : LIFETIME LIFETYPE_BYTE NUMBER unittype_byte $$132 EOS", |
---|
1438 | "$$133 :", |
---|
1439 | "isakmpproposal_spec : DH_GROUP dh_group_num $$133 EOS", |
---|
1440 | "$$134 :", |
---|
1441 | "isakmpproposal_spec : GSS_ID QUOTEDSTRING $$134 EOS", |
---|
1442 | "$$135 :", |
---|
1443 | "isakmpproposal_spec : ALGORITHM_CLASS ALGORITHMTYPE keylength $$135 EOS", |
---|
1444 | "unittype_time : UNITTYPE_SEC", |
---|
1445 | "unittype_time : UNITTYPE_MIN", |
---|
1446 | "unittype_time : UNITTYPE_HOUR", |
---|
1447 | "unittype_byte : UNITTYPE_BYTE", |
---|
1448 | "unittype_byte : UNITTYPE_KBYTES", |
---|
1449 | "unittype_byte : UNITTYPE_MBYTES", |
---|
1450 | "unittype_byte : UNITTYPE_TBYTES", |
---|
1451 | |
---|
1452 | }; |
---|
1453 | #endif |
---|
1454 | |
---|
1455 | int yydebug; |
---|
1456 | int yynerrs; |
---|
1457 | |
---|
1458 | int yyerrflag; |
---|
1459 | int yychar; |
---|
1460 | YYSTYPE yyval; |
---|
1461 | YYSTYPE yylval; |
---|
1462 | |
---|
1463 | /* define the initial stack-sizes */ |
---|
1464 | #ifdef YYSTACKSIZE |
---|
1465 | #undef YYMAXDEPTH |
---|
1466 | #define YYMAXDEPTH YYSTACKSIZE |
---|
1467 | #else |
---|
1468 | #ifdef YYMAXDEPTH |
---|
1469 | #define YYSTACKSIZE YYMAXDEPTH |
---|
1470 | #else |
---|
1471 | #define YYSTACKSIZE 10000 |
---|
1472 | #define YYMAXDEPTH 10000 |
---|
1473 | #endif |
---|
1474 | #endif |
---|
1475 | |
---|
1476 | #define YYINITSTACKSIZE 200 |
---|
1477 | |
---|
/*
 * Bookkeeping for the parser's two parallel stacks: the state stack (s_*)
 * and the semantic-value stack (l_*). yygrowstack() resizes both to the
 * same number of entries and re-bases the mark pointers.
 */
typedef struct {
    unsigned stacksize; /* entries allocated per stack; 0 until yygrowstack() first runs */
    YYINT *s_base;      /* start of the state stack allocation */
    YYINT *s_mark;      /* current top of the state stack */
    YYINT *s_last;      /* last usable slot: s_base + stacksize - 1 */
    YYSTYPE *l_base;    /* start of the semantic-value stack allocation */
    YYSTYPE *l_mark;    /* current top of the semantic-value stack */
} YYSTACKDATA;
/* variables for the parser stack */
static YYSTACKDATA yystack;
---|
1488 | #line 2399 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
1489 | |
---|
/*
 * Allocate a zero-filled secprotospec and apply its defaults.
 * On allocation failure the error is reported through yyerror() and
 * NULL is returned.
 */
static struct secprotospec *
newspspec()
{
	struct secprotospec *spec = racoon_calloc(1, sizeof(*spec));

	if (spec != NULL) {
		spec->encklen = 0;	/*XXX*/

		/*
		 * Start out with the "unknown" vendor; it is overridden
		 * where needed. When a Vendor ID payload is sent, "unknown"
		 * is translated to a KAME/racoon ID.
		 */
		spec->vendorid = VENDORID_UNKNOWN;

		return spec;
	}

	yyerror("failed to allocate spproto");
	return NULL;
}
---|
1512 | |
---|
/*
 * Push spspec onto the front of rmconf's secprotospec list.
 * The old head (if any) gets its prev link pointed at the new entry;
 * spspec->prev itself is left as the caller set it.
 */
static void
insspspec(rmconf, spspec)
	struct remoteconf *rmconf;
	struct secprotospec *spspec;
{
	struct secprotospec *old_head = rmconf->spspec;

	if (old_head != NULL)
		old_head->prev = spspec;

	spspec->next = old_head;
	rmconf->spspec = spspec;
}
---|
1526 | |
---|
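/*
 * Deep-copy one secprotospec.
 *
 * The scalar fields (and the next/prev links, which the caller is expected
 * to rewrite) are copied with memcpy(); the owned gssid string and remote
 * address are duplicated so the copy can be freed independently of the
 * source.
 *
 * Returns the new entry, or NULL on allocation failure. On failure nothing
 * allocated here is left behind.
 */
static struct secprotospec *
dupspspec(spspec)
	struct secprotospec *spspec;
{
	struct secprotospec *new;

	new = newspspec();
	if (new == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "dupspspec: malloc failed\n");
		return NULL;
	}
	memcpy(new, spspec, sizeof(*new));

	/*
	 * After the memcpy the copy aliases the source's heap pointers.
	 * Clear them until real duplicates exist, so the error path below
	 * can never free memory that still belongs to the source.
	 */
	new->gssid = NULL;
	new->remote = NULL;

	if (spspec->gssid) {
		new->gssid = racoon_strdup(spspec->gssid);
		/* presumably aborts when the duplicate is NULL -- macro defined elsewhere */
		STRDUP_FATAL(new->gssid);
	}
	if (spspec->remote) {
		new->remote = racoon_malloc(sizeof(*new->remote));
		if (new->remote == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "dupspspec: malloc failed (remote)\n");
			/* release the partial copy instead of leaking it */
			if (new->gssid)
				racoon_free(new->gssid);
			racoon_free(new);
			return NULL;
		}
		memcpy(new->remote, spspec->remote, sizeof(*new->remote));
	}

	return new;
}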
---|
1557 | |
---|
/*
 * Duplicate src's whole secprotospec list onto dst, keeping the order.
 * The process exits with status 1 if any element cannot be duplicated.
 * When src has no entries, dst->spspec is left untouched.
 */
void
dupspspec_list(dst, src)
	struct remoteconf *dst, *src;
{
	struct secprotospec *cur;
	struct secprotospec *copy;
	struct secprotospec *tail = NULL;

	for (cur = src->spspec; cur != NULL; cur = cur->next) {
		copy = dupspspec(cur);
		if (copy == NULL)
			exit(1);

		/* dupspspec() copied the source's links; replace them */
		copy->prev = tail;
		copy->next = NULL;	/* not necessary but clean */

		if (tail == NULL)
			dst->spspec = copy;	/* first element */
		else
			tail->next = copy;

		tail = copy;
	}
}
---|
1582 | |
---|
/*
 * Free every entry of rmconf's secprotospec list, including the gssid
 * and remote buffers each entry owns, and leave the list empty.
 */
void
flushspspec(rmconf)
	struct remoteconf *rmconf;
{
	struct secprotospec *cur;
	struct secprotospec *rest;

	for (cur = rmconf->spspec; cur != NULL; cur = rest) {
		/* unlink the head before releasing it */
		rest = cur->next;
		rmconf->spspec = rest;
		if (rest != NULL)
			rest->prev = NULL;	/* not necessary but clean */

		if (cur->gssid)
			racoon_free(cur->gssid);
		if (cur->remote)
			racoon_free(cur->remote);
		racoon_free(cur);
	}
	rmconf->spspec = NULL;
}
---|
1606 | |
---|
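/*
 * Set the final acceptable proposal for a remote.
 *
 * Every secprotospec on rmconf must name an encryption algorithm, a hash
 * algorithm, a DH group and an authentication method; each one is then
 * expanded into an ISAKMP SA through expand_isakmpspec().
 *
 * Returns 0 on success, -1 when the list is empty, a mandatory algorithm
 * is missing, expansion fails, or no proposal ended up on rmconf.
 */
static int
set_isakmp_proposal(rmconf)
	struct remoteconf *rmconf;
{
	struct secprotospec *s;
	int prop_no = 1;
	int trns_no = 1;
	int32_t types[MAXALGCLASS];

	/* mandatory check */
	if (rmconf->spspec == NULL) {
		yyerror("no remote specification found: %s.\n",
			saddr2str(rmconf->remote));
		return -1;
	}
	for (s = rmconf->spspec; s != NULL; s = s->next) {
		/* XXX need more to check */
		if (s->algclass[algclass_isakmp_enc] == 0) {
			yyerror("encryption algorithm required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_hash] == 0) {
			yyerror("hash algorithm required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_dh] == 0) {
			yyerror("DH group required.");
			return -1;
		}
		if (s->algclass[algclass_isakmp_ameth] == 0) {
			yyerror("authentication method required.");
			return -1;
		}
	}

	/*
	 * insspspec() pushes new entries at the head, so walk to the tail
	 * and go back through prev.
	 */
	for (s = rmconf->spspec; s->next != NULL; s = s->next)
		;

	while (s != NULL) {
		plog(LLV_DEBUG2, LOCATION, NULL,
		    "lifetime = %ld\n", (long)
		    (s->lifetime ? s->lifetime : rmconf->lifetime));
		plog(LLV_DEBUG2, LOCATION, NULL,
		    "lifebyte = %d\n",
		    s->lifebyte ? s->lifebyte : rmconf->lifebyte);
		plog(LLV_DEBUG2, LOCATION, NULL,
		    "encklen=%d\n", s->encklen);

		/*
		 * Clear the whole array by its size in bytes. Passing the
		 * element count to memset() zeroes only part of it, and
		 * expand_isakmpspec() reads every slot up to MAXALGCLASS
		 * in its debug loop, so the rest would be uninitialised
		 * stack contents.
		 */
		memset(types, 0, sizeof(types));
		types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
		types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
		types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
		types[algclass_isakmp_ameth] =
		    s->algclass[algclass_isakmp_ameth];

		/* expanding spspec; per-spec lifetime/lifebyte win over the remote's */
		clean_tmpalgtype();
		trns_no = expand_isakmpspec(prop_no, trns_no, types,
				algclass_isakmp_enc, algclass_isakmp_ameth + 1,
				s->lifetime ? s->lifetime : rmconf->lifetime,
				s->lifebyte ? s->lifebyte : rmconf->lifebyte,
				s->encklen, s->vendorid, s->gssid,
				rmconf);
		if (trns_no == -1) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "failed to expand isakmp proposal.\n");
			return -1;
		}

		s = s->prev;
	}

	if (rmconf->proposal == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "no proposal found.\n");
		return -1;
	}

	return 0;
}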
---|
1689 | |
---|
/*
 * Reset every slot of tmpalgtype[] to 0, the "algorithm undefined" value.
 */
static void
clean_tmpalgtype()
{
	int slot = 0;

	while (slot < MAXALGCLASS) {
		tmpalgtype[slot] = 0;	/* means algorithm undefined. */
		slot++;
	}
}
---|
1697 | |
---|
/*
 * Build one ISAKMP SA from the given algorithm types and attach it to
 * rmconf with insisakmpsa().
 *
 * prop_no, trns_no: proposal and transform numbers stored in the new SA.
 * types:   algorithm type per class. Every slot from `class` up to
 *          MAXALGCLASS - 1 is read by the debug loop, so the caller must
 *          pass a fully initialised array of at least MAXALGCLASS ints.
 * class:   first class index printed by the debug loop.
 * last:    not referenced in this function body.
 * lifetime, lifebyte, encklen, vendorid: copied into the new SA.
 * gssid:   optional GSS ID string; only looked at when built with
 *          HAVE_GSSAPI and the auth method is GSSAPI_KRB. In that case
 *          the string is copied and then freed here.
 *
 * Returns the next transform number (trns_no + 1), or -1 on error.
 */
static int
expand_isakmpspec(prop_no, trns_no, types,
		class, last, lifetime, lifebyte, encklen, vendorid, gssid,
		rmconf)
	int prop_no, trns_no;
	int *types, class, last;
	time_t lifetime;
	int lifebyte;
	int encklen;
	int vendorid;
	char *gssid;
	struct remoteconf *rmconf;
{
	struct isakmpsa *new;

	/* debugging */
    {
	int j;
	char tb[10];
	plog(LLV_DEBUG2, LOCATION, NULL,
	    "p:%d t:%d\n", prop_no, trns_no);
	for (j = class; j < MAXALGCLASS; j++) {
		/* snprintf bounds the write to tb; a long value is truncated, not overrun */
		snprintf(tb, sizeof(tb), "%d", types[j]);
		plog(LLV_DEBUG2, LOCATION, NULL,
		    "%s%s%s%s\n",
		    s_algtype(j, types[j]),
		    types[j] ? "(" : "",
		    tb[0] == '0' ? "" : tb,
		    types[j] ? ")" : "");
	}
	plog(LLV_DEBUG2, LOCATION, NULL, "\n");
    }

#define TMPALGTYPE2STR(n) \
	s_algtype(algclass_isakmp_##n, types[algclass_isakmp_##n])
	/* check mandatory values */
	if (types[algclass_isakmp_enc] == 0
	 || types[algclass_isakmp_ameth] == 0
	 || types[algclass_isakmp_hash] == 0
	 || types[algclass_isakmp_dh] == 0) {
		yyerror("few definition of algorithm "
			"enc=%s ameth=%s hash=%s dhgroup=%s.\n",
			TMPALGTYPE2STR(enc),
			TMPALGTYPE2STR(ameth),
			TMPALGTYPE2STR(hash),
			TMPALGTYPE2STR(dh));
		return -1;
	}
#undef TMPALGTYPE2STR

	/* set new sa */
	new = newisakmpsa();
	if (new == NULL) {
		yyerror("failed to allocate isakmp sa");
		return -1;
	}
	new->prop_no = prop_no;
	new->trns_no = trns_no++; /* store the current number, hand back the next one */
	new->lifetime = lifetime;
	new->lifebyte = lifebyte;
	new->enctype = types[algclass_isakmp_enc];
	new->encklen = encklen;
	new->authmethod = types[algclass_isakmp_ameth];
	new->hashtype = types[algclass_isakmp_hash];
	new->dh_group = types[algclass_isakmp_dh];
	new->vendorid = vendorid;
#ifdef HAVE_GSSAPI
	if (new->authmethod == OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB) {
		if (gssid != NULL) {
			/*
			 * The buffer is sized strlen(gssid), so the copy
			 * carries no terminating NUL; presumably vmalloc()
			 * records that length in ->l -- confirm.
			 */
			if ((new->gssid = vmalloc(strlen(gssid))) == NULL) {
				/* NOTE(review): assumes nothing else hangs off `new` yet -- confirm against newisakmpsa() */
				racoon_free(new);
				yyerror("failed to allocate gssid");
				return -1;
			}
			memcpy(new->gssid->v, gssid, new->gssid->l);
			/*
			 * NOTE(review): this frees the caller's string.
			 * set_isakmp_proposal() passes s->gssid here without
			 * clearing it, and flushspspec() frees a non-NULL
			 * p->gssid; confirm the same pointer cannot be
			 * released twice.
			 */
			racoon_free(gssid);
		} else {
			/*
			 * Allocate the default ID so that it gets put
			 * into a GSS ID attribute during the Phase 1
			 * exchange.
			 */
			new->gssid = gssapi_get_default_gss_id();
		}
	}
#endif
	insisakmpsa(new, rmconf);

	return trns_no;
}
---|
1788 | |
---|
1789 | #if 0 |
---|
/*
 * Convert a byte count to kilobytes for lifebyte.
 * Values below 1024 are rejected through yyerror() and yield 0, because
 * the unit is kilobytes (RFC2407).
 */
static int
fix_lifebyte(t)
	unsigned long t;
{
	if (t >= 1024)
		return(t / 1024);

	yyerror("byte size should be more than 1024B.");
	return 0;
}
---|
1806 | #endif |
---|
1807 | |
---|
/*
 * Parse the configuration file named by lcconf->racoon_conf.
 *
 * Returns 0 on success and -1 when the file cannot be read or the parser
 * reports failure. If the parser returns success while yyerrorcount is
 * non-zero, the inconsistency is logged and the process exits with
 * status 1.
 */
int
cfparse()
{
	int rc;

	yyerrorcount = 0;
	yycf_init_buffer();

	if (yycf_switch_buffer(lcconf->racoon_conf) != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "could not read configuration file \"%s\"\n",
		    lcconf->racoon_conf);
		return -1;
	}

	rc = yyparse();
	if (rc != 0) {
		if (yyerrorcount == 0) {
			plog(LLV_ERROR, LOCATION, NULL,
			    "fatal parse failure.\n");
		} else {
			plog(LLV_ERROR, LOCATION, NULL,
			    "fatal parse failure (%d errors)\n",
			    yyerrorcount);
		}
		return -1;
	}

	/* the parser reported success from here on */
	if (yyerrorcount) {
		plog(LLV_ERROR, LOCATION, NULL,
		    "parse error is nothing, but yyerrorcount is %d.\n",
		    yyerrorcount);
		exit(1);
	}

	yycf_clean_buffer();

	plog(LLV_DEBUG2, LOCATION, NULL, "parse successed.\n");

	return 0;
}
---|
1849 | |
---|
/*
 * Discard the state built from the previous configuration (phase 2 and
 * phase 1 handles, remote configs, sainfo, temporary algorithm types)
 * and parse the configuration file again.
 * Returns whatever cfparse() returns.
 */
int
cfreparse()
{
	int rc;

	flushph2();
	flushph1();
	flushrmconf();
	flushsainfo();
	clean_tmpalgtype();

	rc = cfparse();
	return rc;
}
---|
1860 | |
---|
1861 | #ifdef ENABLE_ADMINPORT |
---|
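/*
 * Record the admin socket settings from the configuration file.
 *
 * path:     socket path; adminsock_path is pointed at path->v, so the
 *           buffer must stay allocated for as long as that is used.
 * owner:    user name or numeric uid, or NULL to stop after the path.
 * group:    group name or numeric gid, or NULL to stop after the owner.
 * mode_dec: permission bits written as decimal digits (660 means 0660),
 *           or -1 to leave the mode alone.
 *
 * Invalid values are reported through yyerror() and are not stored, so a
 * rejected owner, group or mode never replaces the current setting.
 */
static void
adminsock_conf(path, owner, group, mode_dec)
	vchar_t *path;
	vchar_t *owner;
	vchar_t *group;
	int mode_dec;
{
	struct passwd *pw = NULL;
	struct group *gr = NULL;
	char *end;
	long id;
	int isnum;
	int usr, grp, oth;

	adminsock_path = path->v;

	if (owner == NULL)
		return;

	/*
	 * atoi() gives no error indication, so a misspelled user name used
	 * to be accepted silently as uid 0. strtol() with an end-pointer
	 * check accepts only a string that is entirely a non-negative number.
	 */
	errno = 0;
	id = strtol(owner->v, &end, 10);
	isnum = (errno == 0 && end != owner->v && *end == '\0' && id >= 0);
	if (((pw = getpwnam(owner->v)) == NULL) && !isnum)
		yyerror("User \"%s\" does not exist", owner->v);

	if (pw)
		adminsock_owner = pw->pw_uid;
	else if (isnum)
		adminsock_owner = (uid_t)id;

	if (group == NULL)
		return;

	errno = 0;
	id = strtol(group->v, &end, 10);
	isnum = (errno == 0 && end != group->v && *end == '\0' && id >= 0);
	if (((gr = getgrnam(group->v)) == NULL) && !isnum)
		yyerror("Group \"%s\" does not exist", group->v);

	if (gr)
		adminsock_group = gr->gr_gid;
	else if (isnum)
		adminsock_group = (gid_t)id;

	if (mode_dec == -1)
		return;

	if (mode_dec < 0 || mode_dec > 777) {
		yyerror("Mode 0%03d is invalid", mode_dec);
		return;
	}

	/*
	 * Each decimal digit is one octal permission digit. The earlier
	 * subtraction ladder added the write bit where the execute bit
	 * belonged (0200/020/02 instead of 0100/010/01), so a mode with an
	 * execute digit could come out granting write access, or carry into
	 * a higher bit. Converting digit by digit avoids both.
	 */
	usr = mode_dec / 100;
	grp = (mode_dec / 10) % 10;
	oth = mode_dec % 10;
	if (usr > 7 || grp > 7 || oth > 7) {
		yyerror("Mode 0%03d is invalid", mode_dec);
		return;
	}

	adminsock_mode = (mode_t)((usr << 6) | (grp << 3) | oth);

	return;
}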
---|
1931 | #endif |
---|
1932 | #line 1933 "racoonyy.tab.c" |
---|
1933 | |
---|
1934 | #if YYDEBUG |
---|
1935 | #include <stdio.h> /* needed for printf */ |
---|
1936 | #endif |
---|
1937 | |
---|
1938 | #include <stdlib.h> /* needed for malloc, etc */ |
---|
1939 | #include <string.h> /* needed for memset */ |
---|
1940 | |
---|
/*
 * Allocate the initial parser stacks, or double their size, capped at
 * YYMAXDEPTH. Both stacks are resized to the same entry count and the
 * mark pointers are re-based at the same depth.
 * Returns 0 on success, YYENOMEM when the cap is already reached or a
 * realloc() fails.
 */
static int yygrowstack(YYSTACKDATA *data)
{
    int depth;
    unsigned grown = data->stacksize;
    YYINT *states;
    YYSTYPE *values;

    if (grown == 0) {
        grown = YYINITSTACKSIZE;
    } else if (grown >= YYMAXDEPTH) {
        return YYENOMEM;
    } else {
        grown *= 2;
        if (grown > YYMAXDEPTH)
            grown = YYMAXDEPTH;
    }

    /* remember the current depth before the buffers can move */
    depth = (int) (data->s_mark - data->s_base);

    states = (YYINT *)realloc(data->s_base, grown * sizeof(*states));
    if (states == 0)
        return YYENOMEM;
    data->s_base = states;
    data->s_mark = states + depth;

    values = (YYSTYPE *)realloc(data->l_base, grown * sizeof(*values));
    if (values == 0)
        return YYENOMEM;
    data->l_base = values;
    data->l_mark = values + depth;

    /* the new size is published only after both stacks have grown */
    data->stacksize = grown;
    data->s_last = data->s_base + grown - 1;
    return 0;
}
---|
1975 | |
---|
1976 | #if YYPURE || defined(YY_NO_LEAKS) |
---|
/*
 * Release both parser stacks and zero the bookkeeping structure, so no
 * stale pointers remain in it.
 */
static void yyfreestack(YYSTACKDATA *data)
{
    free(data->l_base);
    free(data->s_base);
    memset(data, 0, sizeof(*data));
}
---|
1983 | #else |
---|
1984 | #define yyfreestack(data) /* nothing */ |
---|
1985 | #endif |
---|
1986 | |
---|
1987 | #define YYABORT goto yyabort |
---|
1988 | #define YYREJECT goto yyabort |
---|
1989 | #define YYACCEPT goto yyaccept |
---|
1990 | #define YYERROR goto yyerrlab |
---|
1991 | |
---|
1992 | int |
---|
1993 | YYPARSE_DECL() |
---|
1994 | { |
---|
1995 | int yym, yyn, yystate; |
---|
1996 | #if YYDEBUG |
---|
1997 | const char *yys; |
---|
1998 | |
---|
1999 | if ((yys = getenv("YYDEBUG")) != 0) |
---|
2000 | { |
---|
2001 | yyn = *yys; |
---|
2002 | if (yyn >= '0' && yyn <= '9') |
---|
2003 | yydebug = yyn - '0'; |
---|
2004 | } |
---|
2005 | #endif |
---|
2006 | |
---|
2007 | yym = 0; |
---|
2008 | yyn = 0; |
---|
2009 | yynerrs = 0; |
---|
2010 | yyerrflag = 0; |
---|
2011 | yychar = YYEMPTY; |
---|
2012 | yystate = 0; |
---|
2013 | |
---|
2014 | #if YYPURE |
---|
2015 | memset(&yystack, 0, sizeof(yystack)); |
---|
2016 | #endif |
---|
2017 | |
---|
2018 | if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
2019 | yystack.s_mark = yystack.s_base; |
---|
2020 | yystack.l_mark = yystack.l_base; |
---|
2021 | yystate = 0; |
---|
2022 | *yystack.s_mark = 0; |
---|
2023 | |
---|
2024 | yyloop: |
---|
2025 | if ((yyn = yydefred[yystate]) != 0) goto yyreduce; |
---|
2026 | if (yychar < 0) |
---|
2027 | { |
---|
2028 | yychar = YYLEX; |
---|
2029 | if (yychar < 0) yychar = YYEOF; |
---|
2030 | #if YYDEBUG |
---|
2031 | if (yydebug) |
---|
2032 | { |
---|
2033 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
2034 | printf("%sdebug: state %d, reading %d (%s)\n", |
---|
2035 | YYPREFIX, yystate, yychar, yys); |
---|
2036 | } |
---|
2037 | #endif |
---|
2038 | } |
---|
2039 | if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 && |
---|
2040 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) |
---|
2041 | { |
---|
2042 | #if YYDEBUG |
---|
2043 | if (yydebug) |
---|
2044 | printf("%sdebug: state %d, shifting to state %d\n", |
---|
2045 | YYPREFIX, yystate, yytable[yyn]); |
---|
2046 | #endif |
---|
2047 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
2048 | yystate = yytable[yyn]; |
---|
2049 | *++yystack.s_mark = yytable[yyn]; |
---|
2050 | *++yystack.l_mark = yylval; |
---|
2051 | yychar = YYEMPTY; |
---|
2052 | if (yyerrflag > 0) --yyerrflag; |
---|
2053 | goto yyloop; |
---|
2054 | } |
---|
2055 | if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 && |
---|
2056 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) |
---|
2057 | { |
---|
2058 | yyn = yytable[yyn]; |
---|
2059 | goto yyreduce; |
---|
2060 | } |
---|
2061 | if (yyerrflag != 0) goto yyinrecovery; |
---|
2062 | |
---|
2063 | YYERROR_CALL("syntax error"); |
---|
2064 | |
---|
2065 | goto yyerrlab; /* redundant goto avoids 'unused label' warning */ |
---|
2066 | yyerrlab: |
---|
2067 | ++yynerrs; |
---|
2068 | |
---|
2069 | yyinrecovery: |
---|
2070 | if (yyerrflag < 3) |
---|
2071 | { |
---|
2072 | yyerrflag = 3; |
---|
2073 | for (;;) |
---|
2074 | { |
---|
2075 | if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 && |
---|
2076 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE) |
---|
2077 | { |
---|
2078 | #if YYDEBUG |
---|
2079 | if (yydebug) |
---|
2080 | printf("%sdebug: state %d, error recovery shifting\ |
---|
2081 | to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); |
---|
2082 | #endif |
---|
2083 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
2084 | yystate = yytable[yyn]; |
---|
2085 | *++yystack.s_mark = yytable[yyn]; |
---|
2086 | *++yystack.l_mark = yylval; |
---|
2087 | goto yyloop; |
---|
2088 | } |
---|
2089 | else |
---|
2090 | { |
---|
2091 | #if YYDEBUG |
---|
2092 | if (yydebug) |
---|
2093 | printf("%sdebug: error recovery discarding state %d\n", |
---|
2094 | YYPREFIX, *yystack.s_mark); |
---|
2095 | #endif |
---|
2096 | if (yystack.s_mark <= yystack.s_base) goto yyabort; |
---|
2097 | --yystack.s_mark; |
---|
2098 | --yystack.l_mark; |
---|
2099 | } |
---|
2100 | } |
---|
2101 | } |
---|
2102 | else |
---|
2103 | { |
---|
2104 | if (yychar == YYEOF) goto yyabort; |
---|
2105 | #if YYDEBUG |
---|
2106 | if (yydebug) |
---|
2107 | { |
---|
2108 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
2109 | printf("%sdebug: state %d, error recovery discards token %d (%s)\n", |
---|
2110 | YYPREFIX, yystate, yychar, yys); |
---|
2111 | } |
---|
2112 | #endif |
---|
2113 | yychar = YYEMPTY; |
---|
2114 | goto yyloop; |
---|
2115 | } |
---|
2116 | |
---|
2117 | yyreduce: |
---|
2118 | #if YYDEBUG |
---|
2119 | if (yydebug) |
---|
2120 | printf("%sdebug: state %d, reducing by rule %d (%s)\n", |
---|
2121 | YYPREFIX, yystate, yyn, yyrule[yyn]); |
---|
2122 | #endif |
---|
2123 | yym = yylen[yyn]; |
---|
2124 | if (yym > 0) |
---|
2125 | yyval = yystack.l_mark[1-yym]; |
---|
2126 | else |
---|
2127 | memset(&yyval, 0, sizeof yyval); |
---|
2128 | |
---|
2129 | switch (yyn) |
---|
2130 | { |
---|
2131 | case 21: |
---|
2132 | #line 368 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2133 | { |
---|
2134 | struct passwd *pw; |
---|
2135 | |
---|
2136 | if ((pw = getpwnam(yystack.l_mark[0].val->v)) == NULL) { |
---|
2137 | yyerror("unknown user \"%s\"", yystack.l_mark[0].val->v); |
---|
2138 | return -1; |
---|
2139 | } |
---|
2140 | lcconf->uid = pw->pw_uid; |
---|
2141 | } |
---|
2142 | break; |
---|
2143 | case 23: |
---|
2144 | #line 378 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2145 | { lcconf->uid = yystack.l_mark[0].num; } |
---|
2146 | break; |
---|
2147 | case 25: |
---|
2148 | #line 380 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2149 | { |
---|
2150 | struct group *gr; |
---|
2151 | |
---|
2152 | if ((gr = getgrnam(yystack.l_mark[0].val->v)) == NULL) { |
---|
2153 | yyerror("unknown group \"%s\"", yystack.l_mark[0].val->v); |
---|
2154 | return -1; |
---|
2155 | } |
---|
2156 | lcconf->gid = gr->gr_gid; |
---|
2157 | } |
---|
2158 | break; |
---|
2159 | case 27: |
---|
2160 | #line 390 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2161 | { lcconf->gid = yystack.l_mark[0].num; } |
---|
2162 | break; |
---|
2163 | case 29: |
---|
2164 | #line 391 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2165 | { lcconf->chroot = yystack.l_mark[0].val->v; } |
---|
2166 | break; |
---|
2167 | case 31: |
---|
2168 | #line 397 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2169 | { |
---|
2170 | if (yystack.l_mark[-1].num >= LC_PATHTYPE_MAX) { |
---|
2171 | yyerror("invalid path type %d", yystack.l_mark[-1].num); |
---|
2172 | return -1; |
---|
2173 | } |
---|
2174 | |
---|
2175 | /* free old pathinfo */ |
---|
2176 | if (lcconf->pathinfo[yystack.l_mark[-1].num]) |
---|
2177 | racoon_free(lcconf->pathinfo[yystack.l_mark[-1].num]); |
---|
2178 | |
---|
2179 | /* set new pathinfo */ |
---|
2180 | lcconf->pathinfo[yystack.l_mark[-1].num] = racoon_strdup(yystack.l_mark[0].val->v); |
---|
2181 | STRDUP_FATAL(lcconf->pathinfo[yystack.l_mark[-1].num]); |
---|
2182 | vfree(yystack.l_mark[0].val); |
---|
2183 | } |
---|
2184 | break; |
---|
2185 | case 33: |
---|
2186 | #line 417 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2187 | { lcconf->complex_bundle = yystack.l_mark[0].num; } |
---|
2188 | break; |
---|
2189 | case 35: |
---|
2190 | #line 423 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2191 | { |
---|
2192 | char path[MAXPATHLEN]; |
---|
2193 | |
---|
2194 | getpathname(path, sizeof(path), |
---|
2195 | LC_PATHTYPE_INCLUDE, yystack.l_mark[-1].val->v); |
---|
2196 | vfree(yystack.l_mark[-1].val); |
---|
2197 | if (yycf_switch_buffer(path) != 0) |
---|
2198 | return -1; |
---|
2199 | } |
---|
2200 | break; |
---|
2201 | case 36: |
---|
2202 | #line 437 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2203 | { |
---|
2204 | lcconf->pfkey_buffer_size = yystack.l_mark[-1].num; |
---|
2205 | } |
---|
2206 | break; |
---|
2207 | case 37: |
---|
2208 | #line 444 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2209 | { |
---|
2210 | if (yystack.l_mark[-1].num >= LC_GSSENC_MAX) { |
---|
2211 | yyerror("invalid GSS ID encoding %d", yystack.l_mark[-1].num); |
---|
2212 | return -1; |
---|
2213 | } |
---|
2214 | lcconf->gss_id_enc = yystack.l_mark[-1].num; |
---|
2215 | } |
---|
2216 | break; |
---|
2217 | case 39: |
---|
2218 | #line 459 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2219 | { |
---|
2220 | /* |
---|
2221 | * set the loglevel to the value specified |
---|
2222 | * in the configuration file plus the number |
---|
2223 | * of -d options specified on the command line |
---|
2224 | */ |
---|
2225 | loglevel += yystack.l_mark[0].num - oldloglevel; |
---|
2226 | oldloglevel = yystack.l_mark[0].num; |
---|
2227 | } |
---|
2228 | break; |
---|
2229 | case 43: |
---|
2230 | #line 479 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2231 | { lcconf->pad_random = yystack.l_mark[0].num; } |
---|
2232 | break; |
---|
2233 | case 45: |
---|
2234 | #line 480 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2235 | { lcconf->pad_randomlen = yystack.l_mark[0].num; } |
---|
2236 | break; |
---|
2237 | case 47: |
---|
2238 | #line 481 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2239 | { lcconf->pad_maxsize = yystack.l_mark[0].num; } |
---|
2240 | break; |
---|
2241 | case 49: |
---|
2242 | #line 482 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2243 | { lcconf->pad_strict = yystack.l_mark[0].num; } |
---|
2244 | break; |
---|
2245 | case 51: |
---|
2246 | #line 483 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2247 | { lcconf->pad_excltail = yystack.l_mark[0].num; } |
---|
2248 | break; |
---|
2249 | case 56: |
---|
2250 | #line 496 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2251 | { |
---|
2252 | myaddr_listen(yystack.l_mark[0].saddr, FALSE); |
---|
2253 | racoon_free(yystack.l_mark[0].saddr); |
---|
2254 | } |
---|
2255 | break; |
---|
2256 | case 58: |
---|
2257 | #line 502 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2258 | { |
---|
2259 | #ifdef ENABLE_NATT |
---|
2260 | myaddr_listen(yystack.l_mark[0].saddr, TRUE); |
---|
2261 | racoon_free(yystack.l_mark[0].saddr); |
---|
2262 | #else |
---|
2263 | racoon_free(yystack.l_mark[0].saddr); |
---|
2264 | yyerror("NAT-T support not compiled in."); |
---|
2265 | #endif |
---|
2266 | } |
---|
2267 | break; |
---|
2268 | case 60: |
---|
2269 | #line 513 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2270 | { |
---|
2271 | #ifdef ENABLE_ADMINPORT |
---|
2272 | adminsock_conf(yystack.l_mark[-3].val, yystack.l_mark[-2].val, yystack.l_mark[-1].val, yystack.l_mark[0].num); |
---|
2273 | #else |
---|
2274 | yywarn("admin port support not compiled in"); |
---|
2275 | #endif |
---|
2276 | } |
---|
2277 | break; |
---|
2278 | case 62: |
---|
2279 | #line 522 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2280 | { |
---|
2281 | #ifdef ENABLE_ADMINPORT |
---|
2282 | adminsock_conf(yystack.l_mark[0].val, NULL, NULL, -1); |
---|
2283 | #else |
---|
2284 | yywarn("admin port support not compiled in"); |
---|
2285 | #endif |
---|
2286 | } |
---|
2287 | break; |
---|
2288 | case 64: |
---|
2289 | #line 531 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2290 | { |
---|
2291 | #ifdef ENABLE_ADMINPORT |
---|
2292 | adminsock_path = NULL; |
---|
2293 | #else |
---|
2294 | yywarn("admin port support not compiled in"); |
---|
2295 | #endif |
---|
2296 | } |
---|
2297 | break; |
---|
2298 | case 66: |
---|
2299 | #line 539 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2300 | { lcconf->strict_address = TRUE; } |
---|
2301 | break; |
---|
2302 | case 68: |
---|
2303 | #line 543 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2304 | { |
---|
2305 | char portbuf[10]; |
---|
2306 | |
---|
2307 | snprintf(portbuf, sizeof(portbuf), "%ld", yystack.l_mark[0].num); |
---|
2308 | yyval.saddr = str2saddr(yystack.l_mark[-1].val->v, portbuf); |
---|
2309 | vfree(yystack.l_mark[-1].val); |
---|
2310 | if (!yyval.saddr) |
---|
2311 | return -1; |
---|
2312 | } |
---|
2313 | break; |
---|
2314 | case 69: |
---|
2315 | #line 554 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2316 | { yyval.num = PORT_ISAKMP; } |
---|
2317 | break; |
---|
2318 | case 70: |
---|
2319 | #line 555 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2320 | { yyval.num = yystack.l_mark[0].num; } |
---|
2321 | break; |
---|
2322 | case 71: |
---|
2323 | #line 560 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2324 | { |
---|
2325 | #ifndef ENABLE_HYBRID |
---|
2326 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2327 | return -1; |
---|
2328 | #endif |
---|
2329 | #ifndef HAVE_LIBRADIUS |
---|
2330 | yyerror("racoon not configured with --with-libradius"); |
---|
2331 | return -1; |
---|
2332 | #endif |
---|
2333 | #ifdef ENABLE_HYBRID |
---|
2334 | #ifdef HAVE_LIBRADIUS |
---|
2335 | xauth_rad_config.timeout = 3; |
---|
2336 | xauth_rad_config.retries = 3; |
---|
2337 | #endif |
---|
2338 | #endif |
---|
2339 | } |
---|
2340 | break; |
---|
2341 | case 75: |
---|
2342 | #line 583 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2343 | { |
---|
2344 | #ifdef ENABLE_HYBRID |
---|
2345 | #ifdef HAVE_LIBRADIUS |
---|
2346 | int i = xauth_rad_config.auth_server_count; |
---|
2347 | if (i == RADIUS_MAX_SERVERS) { |
---|
2348 | yyerror("maximum radius auth servers exceeded"); |
---|
2349 | return -1; |
---|
2350 | } |
---|
2351 | |
---|
2352 | xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-1].val); |
---|
2353 | xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val); |
---|
2354 | xauth_rad_config.auth_server_list[i].port = 0; /* default port*/ |
---|
2355 | xauth_rad_config.auth_server_count++; |
---|
2356 | #endif |
---|
2357 | #endif |
---|
2358 | } |
---|
2359 | break; |
---|
2360 | case 77: |
---|
2361 | #line 601 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2362 | { |
---|
2363 | #ifdef ENABLE_HYBRID |
---|
2364 | #ifdef HAVE_LIBRADIUS |
---|
2365 | int i = xauth_rad_config.auth_server_count; |
---|
2366 | if (i == RADIUS_MAX_SERVERS) { |
---|
2367 | yyerror("maximum radius auth servers exceeded"); |
---|
2368 | return -1; |
---|
2369 | } |
---|
2370 | |
---|
2371 | xauth_rad_config.auth_server_list[i].host = vdup(yystack.l_mark[-2].val); |
---|
2372 | xauth_rad_config.auth_server_list[i].secret = vdup(yystack.l_mark[0].val); |
---|
2373 | xauth_rad_config.auth_server_list[i].port = yystack.l_mark[-1].num; |
---|
2374 | xauth_rad_config.auth_server_count++; |
---|
2375 | #endif |
---|
2376 | #endif |
---|
2377 | } |
---|
2378 | break; |
---|
2379 | case 79: |
---|
2380 | #line 619 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2381 | { |
---|
2382 | #ifdef ENABLE_HYBRID |
---|
2383 | #ifdef HAVE_LIBRADIUS |
---|
2384 | int i = xauth_rad_config.acct_server_count; |
---|
2385 | if (i == RADIUS_MAX_SERVERS) { |
---|
2386 | yyerror("maximum radius account servers exceeded"); |
---|
2387 | return -1; |
---|
2388 | } |
---|
2389 | |
---|
2390 | xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-1].val); |
---|
2391 | xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val); |
---|
2392 | xauth_rad_config.acct_server_list[i].port = 0; /* default port*/ |
---|
2393 | xauth_rad_config.acct_server_count++; |
---|
2394 | #endif |
---|
2395 | #endif |
---|
2396 | } |
---|
2397 | break; |
---|
2398 | case 81: |
---|
2399 | #line 637 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2400 | { |
---|
2401 | #ifdef ENABLE_HYBRID |
---|
2402 | #ifdef HAVE_LIBRADIUS |
---|
2403 | int i = xauth_rad_config.acct_server_count; |
---|
2404 | if (i == RADIUS_MAX_SERVERS) { |
---|
2405 | yyerror("maximum radius account servers exceeded"); |
---|
2406 | return -1; |
---|
2407 | } |
---|
2408 | |
---|
2409 | xauth_rad_config.acct_server_list[i].host = vdup(yystack.l_mark[-2].val); |
---|
2410 | xauth_rad_config.acct_server_list[i].secret = vdup(yystack.l_mark[0].val); |
---|
2411 | xauth_rad_config.acct_server_list[i].port = yystack.l_mark[-1].num; |
---|
2412 | xauth_rad_config.acct_server_count++; |
---|
2413 | #endif |
---|
2414 | #endif |
---|
2415 | } |
---|
2416 | break; |
---|
2417 | case 83: |
---|
2418 | #line 655 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2419 | { |
---|
2420 | #ifdef ENABLE_HYBRID |
---|
2421 | #ifdef HAVE_LIBRADIUS |
---|
2422 | xauth_rad_config.timeout = yystack.l_mark[0].num; |
---|
2423 | #endif |
---|
2424 | #endif |
---|
2425 | } |
---|
2426 | break; |
---|
2427 | case 85: |
---|
2428 | #line 664 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2429 | { |
---|
2430 | #ifdef ENABLE_HYBRID |
---|
2431 | #ifdef HAVE_LIBRADIUS |
---|
2432 | xauth_rad_config.retries = yystack.l_mark[0].num; |
---|
2433 | #endif |
---|
2434 | #endif |
---|
2435 | } |
---|
2436 | break; |
---|
2437 | case 87: |
---|
2438 | #line 676 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2439 | { |
---|
2440 | #ifndef ENABLE_HYBRID |
---|
2441 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2442 | return -1; |
---|
2443 | #endif |
---|
2444 | #ifndef HAVE_LIBLDAP |
---|
2445 | yyerror("racoon not configured with --with-libldap"); |
---|
2446 | return -1; |
---|
2447 | #endif |
---|
2448 | } |
---|
2449 | break; |
---|
2450 | case 91: |
---|
2451 | #line 693 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2452 | { |
---|
2453 | #ifdef ENABLE_HYBRID |
---|
2454 | #ifdef HAVE_LIBLDAP |
---|
2455 | if ((yystack.l_mark[0].num<2)||(yystack.l_mark[0].num>3)) |
---|
2456 | yyerror("invalid ldap protocol version (2|3)"); |
---|
2457 | xauth_ldap_config.pver = yystack.l_mark[0].num; |
---|
2458 | #endif |
---|
2459 | #endif |
---|
2460 | } |
---|
2461 | break; |
---|
2462 | case 93: |
---|
2463 | #line 704 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2464 | { |
---|
2465 | #ifdef ENABLE_HYBRID |
---|
2466 | #ifdef HAVE_LIBLDAP |
---|
2467 | if (xauth_ldap_config.host != NULL) |
---|
2468 | vfree(xauth_ldap_config.host); |
---|
2469 | xauth_ldap_config.host = vdup(yystack.l_mark[0].val); |
---|
2470 | #endif |
---|
2471 | #endif |
---|
2472 | } |
---|
2473 | break; |
---|
2474 | case 95: |
---|
2475 | #line 715 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2476 | { |
---|
2477 | #ifdef ENABLE_HYBRID |
---|
2478 | #ifdef HAVE_LIBLDAP |
---|
2479 | xauth_ldap_config.port = yystack.l_mark[0].num; |
---|
2480 | #endif |
---|
2481 | #endif |
---|
2482 | } |
---|
2483 | break; |
---|
2484 | case 97: |
---|
2485 | #line 724 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2486 | { |
---|
2487 | #ifdef ENABLE_HYBRID |
---|
2488 | #ifdef HAVE_LIBLDAP |
---|
2489 | if (xauth_ldap_config.base != NULL) |
---|
2490 | vfree(xauth_ldap_config.base); |
---|
2491 | xauth_ldap_config.base = vdup(yystack.l_mark[0].val); |
---|
2492 | #endif |
---|
2493 | #endif |
---|
2494 | } |
---|
2495 | break; |
---|
2496 | case 99: |
---|
2497 | #line 735 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2498 | { |
---|
2499 | #ifdef ENABLE_HYBRID |
---|
2500 | #ifdef HAVE_LIBLDAP |
---|
2501 | xauth_ldap_config.subtree = yystack.l_mark[0].num; |
---|
2502 | #endif |
---|
2503 | #endif |
---|
2504 | } |
---|
2505 | break; |
---|
2506 | case 101: |
---|
2507 | #line 744 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2508 | { |
---|
2509 | #ifdef ENABLE_HYBRID |
---|
2510 | #ifdef HAVE_LIBLDAP |
---|
2511 | if (xauth_ldap_config.bind_dn != NULL) |
---|
2512 | vfree(xauth_ldap_config.bind_dn); |
---|
2513 | xauth_ldap_config.bind_dn = vdup(yystack.l_mark[0].val); |
---|
2514 | #endif |
---|
2515 | #endif |
---|
2516 | } |
---|
2517 | break; |
---|
2518 | case 103: |
---|
2519 | #line 755 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2520 | { |
---|
2521 | #ifdef ENABLE_HYBRID |
---|
2522 | #ifdef HAVE_LIBLDAP |
---|
2523 | if (xauth_ldap_config.bind_pw != NULL) |
---|
2524 | vfree(xauth_ldap_config.bind_pw); |
---|
2525 | xauth_ldap_config.bind_pw = vdup(yystack.l_mark[0].val); |
---|
2526 | #endif |
---|
2527 | #endif |
---|
2528 | } |
---|
2529 | break; |
---|
2530 | case 105: |
---|
2531 | #line 766 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2532 | { |
---|
2533 | #ifdef ENABLE_HYBRID |
---|
2534 | #ifdef HAVE_LIBLDAP |
---|
2535 | if (xauth_ldap_config.attr_user != NULL) |
---|
2536 | vfree(xauth_ldap_config.attr_user); |
---|
2537 | xauth_ldap_config.attr_user = vdup(yystack.l_mark[0].val); |
---|
2538 | #endif |
---|
2539 | #endif |
---|
2540 | } |
---|
2541 | break; |
---|
2542 | case 107: |
---|
2543 | #line 777 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2544 | { |
---|
2545 | #ifdef ENABLE_HYBRID |
---|
2546 | #ifdef HAVE_LIBLDAP |
---|
2547 | if (xauth_ldap_config.attr_addr != NULL) |
---|
2548 | vfree(xauth_ldap_config.attr_addr); |
---|
2549 | xauth_ldap_config.attr_addr = vdup(yystack.l_mark[0].val); |
---|
2550 | #endif |
---|
2551 | #endif |
---|
2552 | } |
---|
2553 | break; |
---|
2554 | case 109: |
---|
2555 | #line 788 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2556 | { |
---|
2557 | #ifdef ENABLE_HYBRID |
---|
2558 | #ifdef HAVE_LIBLDAP |
---|
2559 | if (xauth_ldap_config.attr_mask != NULL) |
---|
2560 | vfree(xauth_ldap_config.attr_mask); |
---|
2561 | xauth_ldap_config.attr_mask = vdup(yystack.l_mark[0].val); |
---|
2562 | #endif |
---|
2563 | #endif |
---|
2564 | } |
---|
2565 | break; |
---|
2566 | case 111: |
---|
2567 | #line 799 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2568 | { |
---|
2569 | #ifdef ENABLE_HYBRID |
---|
2570 | #ifdef HAVE_LIBLDAP |
---|
2571 | if (xauth_ldap_config.attr_group != NULL) |
---|
2572 | vfree(xauth_ldap_config.attr_group); |
---|
2573 | xauth_ldap_config.attr_group = vdup(yystack.l_mark[0].val); |
---|
2574 | #endif |
---|
2575 | #endif |
---|
2576 | } |
---|
2577 | break; |
---|
2578 | case 113: |
---|
2579 | #line 810 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2580 | { |
---|
2581 | #ifdef ENABLE_HYBRID |
---|
2582 | #ifdef HAVE_LIBLDAP |
---|
2583 | if (xauth_ldap_config.attr_member != NULL) |
---|
2584 | vfree(xauth_ldap_config.attr_member); |
---|
2585 | xauth_ldap_config.attr_member = vdup(yystack.l_mark[0].val); |
---|
2586 | #endif |
---|
2587 | #endif |
---|
2588 | } |
---|
2589 | break; |
---|
2590 | case 118: |
---|
2591 | #line 832 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2592 | { |
---|
2593 | #ifdef ENABLE_HYBRID |
---|
2594 | if (inet_pton(AF_INET, yystack.l_mark[0].val->v, |
---|
2595 | &isakmp_cfg_config.network4) != 1) |
---|
2596 | yyerror("bad IPv4 network address."); |
---|
2597 | #else |
---|
2598 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2599 | #endif |
---|
2600 | } |
---|
2601 | break; |
---|
2602 | case 120: |
---|
2603 | #line 843 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2604 | { |
---|
2605 | #ifdef ENABLE_HYBRID |
---|
2606 | if (inet_pton(AF_INET, yystack.l_mark[0].val->v, |
---|
2607 | &isakmp_cfg_config.netmask4) != 1) |
---|
2608 | yyerror("bad IPv4 netmask address."); |
---|
2609 | #else |
---|
2610 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2611 | #endif |
---|
2612 | } |
---|
2613 | break; |
---|
2614 | case 124: |
---|
2615 | #line 858 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2616 | { |
---|
2617 | #ifdef ENABLE_HYBRID |
---|
2618 | isakmp_cfg_config.splitnet_type = UNITY_LOCAL_LAN; |
---|
2619 | #else |
---|
2620 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2621 | #endif |
---|
2622 | } |
---|
2623 | break; |
---|
2624 | case 126: |
---|
2625 | #line 867 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2626 | { |
---|
2627 | #ifdef ENABLE_HYBRID |
---|
2628 | isakmp_cfg_config.splitnet_type = UNITY_SPLIT_INCLUDE; |
---|
2629 | #else |
---|
2630 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2631 | #endif |
---|
2632 | } |
---|
2633 | break; |
---|
2634 | case 128: |
---|
2635 | #line 876 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2636 | { |
---|
2637 | #ifndef ENABLE_HYBRID |
---|
2638 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2639 | #endif |
---|
2640 | } |
---|
2641 | break; |
---|
2642 | case 130: |
---|
2643 | #line 883 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2644 | { |
---|
2645 | #ifdef ENABLE_HYBRID |
---|
2646 | strncpy(&isakmp_cfg_config.default_domain[0], |
---|
2647 | yystack.l_mark[0].val->v, MAXPATHLEN); |
---|
2648 | isakmp_cfg_config.default_domain[MAXPATHLEN] = '\0'; |
---|
2649 | vfree(yystack.l_mark[0].val); |
---|
2650 | #else |
---|
2651 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2652 | #endif |
---|
2653 | } |
---|
2654 | break; |
---|
2655 | case 132: |
---|
2656 | #line 895 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2657 | { |
---|
2658 | #ifdef ENABLE_HYBRID |
---|
2659 | isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_SYSTEM; |
---|
2660 | #else |
---|
2661 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2662 | #endif |
---|
2663 | } |
---|
2664 | break; |
---|
2665 | case 134: |
---|
2666 | #line 904 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2667 | { |
---|
2668 | #ifdef ENABLE_HYBRID |
---|
2669 | #ifdef HAVE_LIBRADIUS |
---|
2670 | isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_RADIUS; |
---|
2671 | #else /* HAVE_LIBRADIUS */ |
---|
2672 | yyerror("racoon not configured with --with-libradius"); |
---|
2673 | #endif /* HAVE_LIBRADIUS */ |
---|
2674 | #else /* ENABLE_HYBRID */ |
---|
2675 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2676 | #endif /* ENABLE_HYBRID */ |
---|
2677 | } |
---|
2678 | break; |
---|
2679 | case 136: |
---|
2680 | #line 917 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2681 | { |
---|
2682 | #ifdef ENABLE_HYBRID |
---|
2683 | #ifdef HAVE_LIBPAM |
---|
2684 | isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_PAM; |
---|
2685 | #else /* HAVE_LIBPAM */ |
---|
2686 | yyerror("racoon not configured with --with-libpam"); |
---|
2687 | #endif /* HAVE_LIBPAM */ |
---|
2688 | #else /* ENABLE_HYBRID */ |
---|
2689 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2690 | #endif /* ENABLE_HYBRID */ |
---|
2691 | } |
---|
2692 | break; |
---|
2693 | case 138: |
---|
2694 | #line 930 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2695 | { |
---|
2696 | #ifdef ENABLE_HYBRID |
---|
2697 | #ifdef HAVE_LIBLDAP |
---|
2698 | isakmp_cfg_config.authsource = ISAKMP_CFG_AUTH_LDAP; |
---|
2699 | #else /* HAVE_LIBLDAP */ |
---|
2700 | yyerror("racoon not configured with --with-libldap"); |
---|
2701 | #endif /* HAVE_LIBLDAP */ |
---|
2702 | #else /* ENABLE_HYBRID */ |
---|
2703 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2704 | #endif /* ENABLE_HYBRID */ |
---|
2705 | } |
---|
2706 | break; |
---|
2707 | case 140: |
---|
2708 | #line 943 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2709 | { |
---|
2710 | #ifndef ENABLE_HYBRID |
---|
2711 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2712 | #endif |
---|
2713 | } |
---|
2714 | break; |
---|
2715 | case 142: |
---|
2716 | #line 950 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2717 | { |
---|
2718 | #ifdef ENABLE_HYBRID |
---|
2719 | isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_SYSTEM; |
---|
2720 | #else |
---|
2721 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2722 | #endif |
---|
2723 | } |
---|
2724 | break; |
---|
2725 | case 144: |
---|
2726 | #line 959 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2727 | { |
---|
2728 | #ifdef ENABLE_HYBRID |
---|
2729 | #ifdef HAVE_LIBLDAP |
---|
2730 | isakmp_cfg_config.groupsource = ISAKMP_CFG_GROUP_LDAP; |
---|
2731 | #else /* HAVE_LIBLDAP */ |
---|
2732 | yyerror("racoon not configured with --with-libldap"); |
---|
2733 | #endif /* HAVE_LIBLDAP */ |
---|
2734 | #else /* ENABLE_HYBRID */ |
---|
2735 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2736 | #endif /* ENABLE_HYBRID */ |
---|
2737 | } |
---|
2738 | break; |
---|
2739 | case 146: |
---|
2740 | #line 972 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2741 | { |
---|
2742 | #ifdef ENABLE_HYBRID |
---|
2743 | isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_NONE; |
---|
2744 | #else |
---|
2745 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2746 | #endif |
---|
2747 | } |
---|
2748 | break; |
---|
2749 | case 148: |
---|
2750 | #line 981 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2751 | { |
---|
2752 | #ifdef ENABLE_HYBRID |
---|
2753 | isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_SYSTEM; |
---|
2754 | #else |
---|
2755 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2756 | #endif |
---|
2757 | } |
---|
2758 | break; |
---|
2759 | case 150: |
---|
2760 | #line 990 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2761 | { |
---|
2762 | #ifdef ENABLE_HYBRID |
---|
2763 | #ifdef HAVE_LIBRADIUS |
---|
2764 | isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_RADIUS; |
---|
2765 | #else /* HAVE_LIBRADIUS */ |
---|
2766 | yyerror("racoon not configured with --with-libradius"); |
---|
2767 | #endif /* HAVE_LIBRADIUS */ |
---|
2768 | #else /* ENABLE_HYBRID */ |
---|
2769 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2770 | #endif /* ENABLE_HYBRID */ |
---|
2771 | } |
---|
2772 | break; |
---|
2773 | case 152: |
---|
2774 | #line 1003 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2775 | { |
---|
2776 | #ifdef ENABLE_HYBRID |
---|
2777 | #ifdef HAVE_LIBPAM |
---|
2778 | isakmp_cfg_config.accounting = ISAKMP_CFG_ACCT_PAM; |
---|
2779 | #else /* HAVE_LIBPAM */ |
---|
2780 | yyerror("racoon not configured with --with-libpam"); |
---|
2781 | #endif /* HAVE_LIBPAM */ |
---|
2782 | #else /* ENABLE_HYBRID */ |
---|
2783 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2784 | #endif /* ENABLE_HYBRID */ |
---|
2785 | } |
---|
2786 | break; |
---|
2787 | case 154: |
---|
2788 | #line 1016 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2789 | { |
---|
2790 | #ifdef ENABLE_HYBRID |
---|
2791 | if (isakmp_cfg_resize_pool(yystack.l_mark[0].num) != 0) |
---|
2792 | yyerror("cannot allocate memory for pool"); |
---|
2793 | #else /* ENABLE_HYBRID */ |
---|
2794 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2795 | #endif /* ENABLE_HYBRID */ |
---|
2796 | } |
---|
2797 | break; |
---|
2798 | case 156: |
---|
2799 | #line 1026 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2800 | { |
---|
2801 | #ifdef ENABLE_HYBRID |
---|
2802 | isakmp_cfg_config.pfs_group = yystack.l_mark[0].num; |
---|
2803 | #else /* ENABLE_HYBRID */ |
---|
2804 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2805 | #endif /* ENABLE_HYBRID */ |
---|
2806 | } |
---|
2807 | break; |
---|
2808 | case 158: |
---|
2809 | #line 1035 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2810 | { |
---|
2811 | #ifdef ENABLE_HYBRID |
---|
2812 | isakmp_cfg_config.save_passwd = yystack.l_mark[0].num; |
---|
2813 | #else /* ENABLE_HYBRID */ |
---|
2814 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2815 | #endif /* ENABLE_HYBRID */ |
---|
2816 | } |
---|
2817 | break; |
---|
2818 | case 160: |
---|
2819 | #line 1044 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2820 | { |
---|
2821 | #ifdef ENABLE_HYBRID |
---|
2822 | isakmp_cfg_config.auth_throttle = yystack.l_mark[0].num; |
---|
2823 | #else /* ENABLE_HYBRID */ |
---|
2824 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2825 | #endif /* ENABLE_HYBRID */ |
---|
2826 | } |
---|
2827 | break; |
---|
2828 | case 162: |
---|
2829 | #line 1053 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2830 | { |
---|
2831 | #ifdef ENABLE_HYBRID |
---|
2832 | isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LOCAL; |
---|
2833 | #else /* ENABLE_HYBRID */ |
---|
2834 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2835 | #endif /* ENABLE_HYBRID */ |
---|
2836 | } |
---|
2837 | break; |
---|
2838 | case 164: |
---|
2839 | #line 1062 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2840 | { |
---|
2841 | #ifdef ENABLE_HYBRID |
---|
2842 | #ifdef HAVE_LIBRADIUS |
---|
2843 | isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_RADIUS; |
---|
2844 | #else /* HAVE_LIBRADIUS */ |
---|
2845 | yyerror("racoon not configured with --with-libradius"); |
---|
2846 | #endif /* HAVE_LIBRADIUS */ |
---|
2847 | #else /* ENABLE_HYBRID */ |
---|
2848 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2849 | #endif /* ENABLE_HYBRID */ |
---|
2850 | } |
---|
2851 | break; |
---|
2852 | case 166: |
---|
2853 | #line 1075 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2854 | { |
---|
2855 | #ifdef ENABLE_HYBRID |
---|
2856 | #ifdef HAVE_LIBLDAP |
---|
2857 | isakmp_cfg_config.confsource = ISAKMP_CFG_CONF_LDAP; |
---|
2858 | #else /* HAVE_LIBLDAP */ |
---|
2859 | yyerror("racoon not configured with --with-libldap"); |
---|
2860 | #endif /* HAVE_LIBLDAP */ |
---|
2861 | #else /* ENABLE_HYBRID */ |
---|
2862 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2863 | #endif /* ENABLE_HYBRID */ |
---|
2864 | } |
---|
2865 | break; |
---|
2866 | case 168: |
---|
2867 | #line 1088 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
2868 | { |
---|
2869 | #ifdef ENABLE_HYBRID |
---|
2870 | strncpy(&isakmp_cfg_config.motd[0], yystack.l_mark[0].val->v, MAXPATHLEN); |
---|
2871 | isakmp_cfg_config.motd[MAXPATHLEN] = '\0'; |
---|
2872 | vfree(yystack.l_mark[0].val); |
---|
2873 | #else |
---|
2874 | yyerror("racoon not configured with --enable-hybrid"); |
---|
2875 | #endif |
---|
2876 | } |
---|
2877 | break; |
---|
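case 172:
#line 1106 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Grammar action: append one IPv4 DNS server address from the
			 * configuration file to isakmp_cfg_config.dns4[].
			 *
			 * This file is byacc output (see the #line directive); the
			 * same change belongs in the grammar action in cfparse.y.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			/*
			 * Refuse the entry before dns4[] is written.  yyerror() only
			 * reports the problem and returns to the action, so without
			 * the return the inet_pton() store below would still run with
			 * an index at or past the limit.  The declaration of dns4[]
			 * is not in this file; MAXNS is the limit the message itself
			 * states, so MAXNS entries are the most that are accepted.
			 */
			if (icc->dns4_index >= MAXNS) {
				yyerror("No more than %d DNS", MAXNS);
				return -1;
			}
			if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
			    &icc->dns4[icc->dns4_index++]) != 1)
				yyerror("bad IPv4 DNS address.");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;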
---|
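case 175:
#line 1127 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Grammar action: append one IPv4 WINS (NBNS) server address
			 * from the configuration file to isakmp_cfg_config.nbns4[].
			 *
			 * This file is byacc output (see the #line directive); the
			 * same change belongs in the grammar action in cfparse.y.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			/*
			 * Refuse the entry before nbns4[] is written.  yyerror() only
			 * reports the problem and returns to the action, so without
			 * the return the inet_pton() store below would still run with
			 * an index at or past the limit.  The declaration of nbns4[]
			 * is not in this file; MAXWINS is the limit the message
			 * itself states.
			 */
			if (icc->nbns4_index >= MAXWINS) {
				yyerror("No more than %d WINS", MAXWINS);
				return -1;
			}
			if (inet_pton(AF_INET, yystack.l_mark[0].val->v,
			    &icc->nbns4[icc->nbns4_index++]) != 1)
				yyerror("bad IPv4 WINS address.");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;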
---|
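case 178:
#line 1148 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Grammar action: build one split-tunnel network (IPv4
			 * address plus prefix length) and add it to
			 * isakmp_cfg_config.splitnet_list.
			 *
			 * This file is byacc output (see the #line directive); the
			 * same change belongs in the grammar action in cfparse.y.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;
			struct unity_network network;
			/*
			 * Going through unsigned long makes a negative prefix a
			 * very large value, so one upper-bound test covers both
			 * ends whatever the signedness of the token value is.
			 */
			unsigned long prefix = (unsigned long)yystack.l_mark[0].num;

			memset(&network, 0, sizeof(network));

			if (inet_pton(AF_INET, yystack.l_mark[-1].val->v, &network.addr4) != 1)
				yyerror("bad IPv4 SPLIT address.");

			/*
			 * The prefix comes straight from the configuration file.
			 * A value above 32 would make the shift count below
			 * negative, which is undefined behaviour, so reject it
			 * before the mask is computed.
			 */
			if (prefix > 32) {
				yyerror("bad IPv4 SPLIT prefix length.");
				return -1;
			}

			/*
			 * Turn $2 (the prefix) into a subnet mask.  The shift is
			 * done on an unsigned operand so that a prefix of 1
			 * (shift by 31) does not overflow a signed int.
			 */
			network.mask4.s_addr = prefix ? htonl(~((1U << (32 - prefix)) - 1U)) : 0;

			/* add the network to our list */
			if (splitnet_list_add(&icc->splitnet_list, &network, &icc->splitnet_count))
				yyerror("Unable to allocate split network");
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;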
---|
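case 181:
#line 1175 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Grammar action: append one authentication group name to
			 * isakmp_cfg_config.grouplist.  The name is copied out of
			 * the token value into a NUL-terminated string and the
			 * token value is freed afterwards.
			 *
			 * This file is byacc output (see the #line directive); the
			 * same change belongs in the grammar action in cfparse.y.
			 */
			char *groupname = NULL;
			char **grouplist = NULL;
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			grouplist = racoon_realloc(icc->grouplist,
			    sizeof(*grouplist) * (icc->groupcount + 1));
			if (grouplist == NULL) {
				yyerror("unable to allocate auth group list");
				return -1;
			}
			/*
			 * Publish the grown array immediately.  Assuming
			 * racoon_realloc() behaves like realloc(), the old block
			 * may already have been released, so leaving
			 * icc->grouplist unchanged until the end would leave a
			 * dangling pointer behind if the allocation below fails.
			 * groupcount is not raised yet, so the extra slot stays
			 * unused on that path.
			 */
			icc->grouplist = grouplist;

			groupname = racoon_malloc(yystack.l_mark[0].val->l + 1);
			if (groupname == NULL) {
				yyerror("unable to allocate auth group name");
				return -1;
			}

			/* the token value carries a length, not a terminator */
			memcpy(groupname, yystack.l_mark[0].val->v, yystack.l_mark[0].val->l);
			groupname[yystack.l_mark[0].val->l] = 0;
			grouplist[icc->groupcount] = groupname;
			icc->groupcount++;

			vfree(yystack.l_mark[0].val);
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;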
---|
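case 184:
#line 1213 "../../ipsec-tools/src/racoon/cfparse.y"
	{
#ifdef ENABLE_HYBRID
			/*
			 * Grammar action: append one split-DNS domain to
			 * isakmp_cfg_config.splitdns_list, a comma-separated byte
			 * buffer whose length is tracked in splitdns_len (no
			 * terminator is written here).
			 *
			 * This file is byacc output (see the #line directive); the
			 * same change belongs in the grammar action in cfparse.y.
			 */
			struct isakmp_cfg_config *icc = &isakmp_cfg_config;

			if (!icc->splitdns_len)
			{
				/* first entry: the buffer holds just this domain */
				icc->splitdns_list = racoon_malloc(yystack.l_mark[0].val->l);
				if(icc->splitdns_list == NULL) {
					yyerror("error allocating splitdns list buffer");
					return -1;
				}
				memcpy(icc->splitdns_list,yystack.l_mark[0].val->v,yystack.l_mark[0].val->l);
				icc->splitdns_len = yystack.l_mark[0].val->l;
			}
			else
			{
				/* room for the existing list, a ',' and the new domain */
				int len = icc->splitdns_len + yystack.l_mark[0].val->l + 1;
				/*
				 * Grow through a temporary.  Assuming
				 * racoon_realloc() behaves like realloc(), a
				 * failed call leaves the old buffer valid;
				 * assigning the result directly would lose it
				 * while splitdns_len still claimed a non-empty
				 * list.
				 */
				void *grown = racoon_realloc(icc->splitdns_list,len);
				if(grown == NULL) {
					yyerror("error allocating splitdns list buffer");
					return -1;
				}
				icc->splitdns_list = grown;
				icc->splitdns_list[icc->splitdns_len] = ',';
				memcpy(icc->splitdns_list + icc->splitdns_len + 1, yystack.l_mark[0].val->v, yystack.l_mark[0].val->l);
				icc->splitdns_len = len;
			}
			vfree(yystack.l_mark[0].val);
#else
			yyerror("racoon not configured with --enable-hybrid");
#endif
		}
break;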
---|
2999 | case 188: |
---|
3000 | #line 1257 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3001 | { |
---|
3002 | lcconf->retry_counter = yystack.l_mark[0].num; |
---|
3003 | } |
---|
3004 | break; |
---|
3005 | case 190: |
---|
3006 | #line 1262 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3007 | { |
---|
3008 | lcconf->retry_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num; |
---|
3009 | } |
---|
3010 | break; |
---|
3011 | case 192: |
---|
3012 | #line 1267 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3013 | { |
---|
3014 | lcconf->count_persend = yystack.l_mark[0].num; |
---|
3015 | } |
---|
3016 | break; |
---|
3017 | case 194: |
---|
3018 | #line 1272 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3019 | { |
---|
3020 | lcconf->retry_checkph1 = yystack.l_mark[-1].num * yystack.l_mark[0].num; |
---|
3021 | } |
---|
3022 | break; |
---|
3023 | case 196: |
---|
3024 | #line 1277 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3025 | { |
---|
3026 | lcconf->wait_ph2complete = yystack.l_mark[-1].num * yystack.l_mark[0].num; |
---|
3027 | } |
---|
3028 | break; |
---|
3029 | case 198: |
---|
3030 | #line 1282 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3031 | { |
---|
3032 | #ifdef ENABLE_NATT |
---|
3033 | if (libipsec_opt & LIBIPSEC_OPT_NATT) |
---|
3034 | lcconf->natt_ka_interval = yystack.l_mark[-1].num * yystack.l_mark[0].num; |
---|
3035 | else |
---|
3036 | yyerror("libipsec lacks NAT-T support"); |
---|
3037 | #else |
---|
3038 | yyerror("NAT-T support not compiled in."); |
---|
3039 | #endif |
---|
3040 | } |
---|
3041 | break; |
---|
3042 | case 200: |
---|
3043 | #line 1298 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3044 | { |
---|
3045 | cur_sainfo = newsainfo(); |
---|
3046 | if (cur_sainfo == NULL) { |
---|
3047 | yyerror("failed to allocate sainfo"); |
---|
3048 | return -1; |
---|
3049 | } |
---|
3050 | } |
---|
3051 | break; |
---|
3052 | case 201: |
---|
3053 | #line 1306 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3054 | { |
---|
3055 | struct sainfo *check; |
---|
3056 | |
---|
3057 | /* default */ |
---|
3058 | if (cur_sainfo->algs[algclass_ipsec_enc] == 0) { |
---|
3059 | yyerror("no encryption algorithm at %s", |
---|
3060 | sainfo2str(cur_sainfo)); |
---|
3061 | return -1; |
---|
3062 | } |
---|
3063 | if (cur_sainfo->algs[algclass_ipsec_auth] == 0) { |
---|
3064 | yyerror("no authentication algorithm at %s", |
---|
3065 | sainfo2str(cur_sainfo)); |
---|
3066 | return -1; |
---|
3067 | } |
---|
3068 | if (cur_sainfo->algs[algclass_ipsec_comp] == 0) { |
---|
3069 | yyerror("no compression algorithm at %s", |
---|
3070 | sainfo2str(cur_sainfo)); |
---|
3071 | return -1; |
---|
3072 | } |
---|
3073 | |
---|
3074 | /* duplicate check */ |
---|
3075 | check = getsainfo(cur_sainfo->idsrc, |
---|
3076 | cur_sainfo->iddst, |
---|
3077 | cur_sainfo->id_i, |
---|
3078 | NULL, |
---|
3079 | cur_sainfo->remoteid); |
---|
3080 | |
---|
3081 | if (check && ((check->idsrc != SAINFO_ANONYMOUS) && |
---|
3082 | (cur_sainfo->idsrc != SAINFO_ANONYMOUS))) { |
---|
3083 | yyerror("duplicated sainfo: %s", |
---|
3084 | sainfo2str(cur_sainfo)); |
---|
3085 | return -1; |
---|
3086 | } |
---|
3087 | |
---|
3088 | inssainfo(cur_sainfo); |
---|
3089 | } |
---|
3090 | break; |
---|
3091 | case 203: |
---|
3092 | #line 1346 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3093 | { |
---|
3094 | cur_sainfo->idsrc = SAINFO_ANONYMOUS; |
---|
3095 | cur_sainfo->iddst = SAINFO_ANONYMOUS; |
---|
3096 | } |
---|
3097 | break; |
---|
3098 | case 204: |
---|
3099 | #line 1351 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3100 | { |
---|
3101 | cur_sainfo->idsrc = SAINFO_ANONYMOUS; |
---|
3102 | cur_sainfo->iddst = SAINFO_CLIENTADDR; |
---|
3103 | } |
---|
3104 | break; |
---|
3105 | case 205: |
---|
3106 | #line 1356 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3107 | { |
---|
3108 | cur_sainfo->idsrc = SAINFO_ANONYMOUS; |
---|
3109 | cur_sainfo->iddst = yystack.l_mark[0].val; |
---|
3110 | } |
---|
3111 | break; |
---|
3112 | case 206: |
---|
3113 | #line 1361 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3114 | { |
---|
3115 | cur_sainfo->idsrc = yystack.l_mark[-1].val; |
---|
3116 | cur_sainfo->iddst = SAINFO_ANONYMOUS; |
---|
3117 | } |
---|
3118 | break; |
---|
3119 | case 207: |
---|
3120 | #line 1366 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3121 | { |
---|
3122 | cur_sainfo->idsrc = yystack.l_mark[-1].val; |
---|
3123 | cur_sainfo->iddst = SAINFO_CLIENTADDR; |
---|
3124 | } |
---|
3125 | break; |
---|
3126 | case 208: |
---|
3127 | #line 1371 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3128 | { |
---|
3129 | cur_sainfo->idsrc = yystack.l_mark[-1].val; |
---|
3130 | cur_sainfo->iddst = yystack.l_mark[0].val; |
---|
3131 | } |
---|
3132 | break; |
---|
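case 209:
#line 1378 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Turn an address specification into the identifier returned by
		 * ipsecdoi_sockaddr2id(). As used below: l_mark[-3] is the address
		 * string, l_mark[-2] presumably the prefix length (~0 selects the
		 * full address width), l_mark[-1] the port and l_mark[0] the
		 * upper-layer protocol. Any failure aborts the parse with -1; the
		 * address string is released on every path.
		 */
		char portbuf[10];
		struct sockaddr *saddr;
		int portlen;

		/*
		 * With ICMP or ICMPv6 only the wildcard port is accepted. The
		 * original tested the same port value twice; one test is enough.
		 */
		if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6)
		    && yystack.l_mark[-1].num != IPSEC_PORT_ANY) {
			yyerror("port number must be \"any\".");
			vfree(yystack.l_mark[-3].val);
			return -1;
		}

		/*
		 * portbuf holds at most nine digits. Reject a value that does not
		 * fit rather than resolving a silently truncated port string.
		 */
		portlen = snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num);
		if (portlen < 0 || (size_t)portlen >= sizeof(portbuf)) {
			yyerror("port number is too large.");
			vfree(yystack.l_mark[-3].val);
			return -1;
		}

		saddr = str2saddr(yystack.l_mark[-3].val->v, portbuf);
		vfree(yystack.l_mark[-3].val);
		if (saddr == NULL)
			return -1;

		switch (saddr->sa_family) {
		case AF_INET:
			/* An IPv4 address cannot be paired with ICMPv6. */
			if (yystack.l_mark[0].num == IPPROTO_ICMPV6) {
				yyerror("upper layer protocol mismatched.\n");
				racoon_free(saddr);
				return -1;
			}
			yyval.val = ipsecdoi_sockaddr2id(saddr,
				yystack.l_mark[-2].num == ~0 ? (sizeof(struct in_addr) << 3): yystack.l_mark[-2].num,
				yystack.l_mark[0].num);
			break;
#ifdef INET6
		case AF_INET6:
			/* An IPv6 address cannot be paired with ICMP (v4). */
			if (yystack.l_mark[0].num == IPPROTO_ICMP) {
				yyerror("upper layer protocol mismatched.\n");
				racoon_free(saddr);
				return -1;
			}
			yyval.val = ipsecdoi_sockaddr2id(saddr,
				yystack.l_mark[-2].num == ~0 ? (sizeof(struct in6_addr) << 3): yystack.l_mark[-2].num,
				yystack.l_mark[0].num);
			break;
#endif
		default:
			yyerror("invalid family: %d", saddr->sa_family);
			yyval.val = NULL;
			break;
		}
		racoon_free(saddr);
		if (yyval.val == NULL)
			return -1;
	}
	break;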
---|
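case 210:
#line 1427 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Turn an address range into the identifier returned by
		 * ipsecdoi_sockrange2id(). As used below: l_mark[-4] and l_mark[-3]
		 * are the two address strings of the range, l_mark[-1] the port and
		 * l_mark[0] the upper-layer protocol. Any failure aborts the parse
		 * with -1; both address strings and both sockaddrs are released on
		 * every path.
		 */
		char portbuf[10];
		struct sockaddr *laddr = NULL, *haddr = NULL;
		int portlen;

		/*
		 * With ICMP or ICMPv6 only the wildcard port is accepted. The
		 * original tested the same port value twice; one test is enough.
		 */
		if ((yystack.l_mark[0].num == IPPROTO_ICMP || yystack.l_mark[0].num == IPPROTO_ICMPV6)
		    && yystack.l_mark[-1].num != IPSEC_PORT_ANY) {
			yyerror("port number must be \"any\".");
			vfree(yystack.l_mark[-4].val);
			vfree(yystack.l_mark[-3].val);
			return -1;
		}

		/*
		 * portbuf holds at most nine digits. Reject a value that does not
		 * fit rather than resolving a silently truncated port string.
		 */
		portlen = snprintf(portbuf, sizeof(portbuf), "%lu", yystack.l_mark[-1].num);
		if (portlen < 0 || (size_t)portlen >= sizeof(portbuf)) {
			yyerror("port number is too large.");
			vfree(yystack.l_mark[-4].val);
			vfree(yystack.l_mark[-3].val);
			return -1;
		}

		/*
		 * Release each string as soon as it has been converted, so the
		 * early returns below no longer leak it.
		 */
		laddr = str2saddr(yystack.l_mark[-4].val->v, portbuf);
		vfree(yystack.l_mark[-4].val);
		if (laddr == NULL) {
			vfree(yystack.l_mark[-3].val);
			return -1;
		}
		haddr = str2saddr(yystack.l_mark[-3].val->v, portbuf);
		vfree(yystack.l_mark[-3].val);
		if (haddr == NULL) {
			racoon_free(laddr);
			return -1;
		}

		/*
		 * NOTE(review): only laddr's family is examined here. Whether
		 * ipsecdoi_sockrange2id() rejects a range whose two ends belong to
		 * different families is not visible from this action; confirm.
		 */
		switch (laddr->sa_family) {
		case AF_INET:
			/* An IPv4 range cannot be paired with ICMPv6. */
			if (yystack.l_mark[0].num == IPPROTO_ICMPV6) {
				yyerror("upper layer protocol mismatched.\n");
				racoon_free(laddr);
				racoon_free(haddr);
				return -1;
			}
			yyval.val = ipsecdoi_sockrange2id(laddr, haddr,
				yystack.l_mark[0].num);
			break;
#ifdef INET6
		case AF_INET6:
			/* An IPv6 range cannot be paired with ICMP (v4). */
			if (yystack.l_mark[0].num == IPPROTO_ICMP) {
				yyerror("upper layer protocol mismatched.\n");
				racoon_free(laddr);
				racoon_free(haddr);
				return -1;
			}
			yyval.val = ipsecdoi_sockrange2id(laddr, haddr,
				yystack.l_mark[0].num);
			break;
#endif
		default:
			yyerror("invalid family: %d", laddr->sa_family);
			yyval.val = NULL;
			break;
		}
		/* Both pointers are known to be non-NULL at this point. */
		racoon_free(laddr);
		racoon_free(haddr);
		if (yyval.val == NULL)
			return -1;
	}
	break;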
---|
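case 211:
#line 1492 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Build an identifier buffer made of an ipsecdoi_id_b header followed
		 * by the bytes of l_mark[0], with the header type derived from
		 * l_mark[-1]. IDTYPE_ASN1DN is refused. Any failure aborts the
		 * parse with -1.
		 */
		struct ipsecdoi_id_b *id_b;

		if (yystack.l_mark[-1].num == IDTYPE_ASN1DN) {
			/*
			 * The cast makes the argument match %d; .num is printed with
			 * %lu elsewhere in this parser, so it is not an int.
			 */
			yyerror("id type forbidden: %d", (int)yystack.l_mark[-1].num);
			yyval.val = NULL;
			return -1;
		}

		/*
		 * The length is decremented below (presumably to drop a trailing
		 * NUL; confirm against the lexer). Guard first, so a zero length
		 * cannot wrap and reach the allocation and copy sizes.
		 */
		if (yystack.l_mark[0].val->l == 0) {
			yyerror("empty identifier");
			return -1;
		}
		yystack.l_mark[0].val->l--;

		yyval.val = vmalloc(sizeof(*id_b) + yystack.l_mark[0].val->l);
		if (yyval.val == NULL) {
			yyerror("failed to allocate identifier");
			return -1;
		}

		id_b = (struct ipsecdoi_id_b *)yyval.val->v;
		id_b->type = idtype2doi(yystack.l_mark[-1].num);

		id_b->proto_id = 0;
		id_b->port = 0;

		/* The payload follows the fixed header in the same buffer. */
		memcpy(yyval.val->v + sizeof(*id_b), yystack.l_mark[0].val->v, yystack.l_mark[0].val->l);
	}
	break;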
---|
3279 | case 212: |
---|
3280 | #line 1520 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3281 | { |
---|
3282 | cur_sainfo->id_i = NULL; |
---|
3283 | } |
---|
3284 | break; |
---|
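case 213:
#line 1524 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Set cur_sainfo->id_i to an ipsecdoi_id_b header followed by the
		 * identifier bytes produced by set_identifier() from l_mark[-1]
		 * (type) and l_mark[0] (value). Any failure aborts the parse
		 * with -1.
		 */
		struct ipsecdoi_id_b *id_b;
		vchar_t *idv = NULL;

		/*
		 * idv starts as NULL and is re-checked after the call: this action
		 * does not show that set_identifier() always stores a buffer when
		 * it returns 0, and idv is dereferenced right below.
		 */
		if (set_identifier(&idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0
		    || idv == NULL) {
			yyerror("failed to set identifer.\n");
			return -1;
		}
		cur_sainfo->id_i = vmalloc(sizeof(*id_b) + idv->l);
		if (cur_sainfo->id_i == NULL) {
			yyerror("failed to allocate identifier");
			/* Do not leak the temporary identifier on this path. */
			vfree(idv);
			return -1;
		}

		id_b = (struct ipsecdoi_id_b *)cur_sainfo->id_i->v;
		id_b->type = idtype2doi(yystack.l_mark[-1].num);

		id_b->proto_id = 0;
		id_b->port = 0;

		/* The payload follows the fixed header in the same buffer. */
		memcpy(cur_sainfo->id_i->v + sizeof(*id_b),
		    idv->v, idv->l);
		vfree(idv);
	}
	break;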
---|
3312 | case 214: |
---|
3313 | #line 1549 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3314 | { |
---|
3315 | #ifdef ENABLE_HYBRID |
---|
3316 | if ((cur_sainfo->group = vdup(yystack.l_mark[0].val)) == NULL) { |
---|
3317 | yyerror("failed to set sainfo xauth group.\n"); |
---|
3318 | return -1; |
---|
3319 | } |
---|
3320 | #else |
---|
3321 | yyerror("racoon not configured with --enable-hybrid"); |
---|
3322 | return -1; |
---|
3323 | #endif |
---|
3324 | } |
---|
3325 | break; |
---|
3326 | case 217: |
---|
3327 | #line 1567 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3328 | { |
---|
3329 | cur_sainfo->pfs_group = yystack.l_mark[0].num; |
---|
3330 | } |
---|
3331 | break; |
---|
3332 | case 219: |
---|
3333 | #line 1572 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3334 | { |
---|
3335 | cur_sainfo->remoteid = yystack.l_mark[0].num; |
---|
3336 | } |
---|
3337 | break; |
---|
3338 | case 221: |
---|
3339 | #line 1577 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3340 | { |
---|
3341 | cur_sainfo->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; |
---|
3342 | } |
---|
3343 | break; |
---|
3344 | case 223: |
---|
3345 | #line 1582 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3346 | { |
---|
3347 | #if 1 |
---|
3348 | yyerror("byte lifetime support is deprecated"); |
---|
3349 | return -1; |
---|
3350 | #else |
---|
3351 | cur_sainfo->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); |
---|
3352 | if (cur_sainfo->lifebyte == 0) |
---|
3353 | return -1; |
---|
3354 | #endif |
---|
3355 | } |
---|
3356 | break; |
---|
3357 | case 225: |
---|
3358 | #line 1593 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3359 | { |
---|
3360 | cur_algclass = yystack.l_mark[0].num; |
---|
3361 | } |
---|
3362 | break; |
---|
3363 | case 227: |
---|
3364 | #line 1601 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3365 | { |
---|
3366 | inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg); |
---|
3367 | } |
---|
3368 | break; |
---|
3369 | case 228: |
---|
3370 | #line 1605 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3371 | { |
---|
3372 | inssainfoalg(&cur_sainfo->algs[cur_algclass], yystack.l_mark[0].alg); |
---|
3373 | } |
---|
3374 | break; |
---|
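case 230:
#line 1612 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Create one sainfo algorithm entry for the current algorithm class.
		 * l_mark[-1] is the algorithm type and l_mark[0] an optional key
		 * length, where 0 selects default_keylen(). Every validation
		 * failure frees the entry, clears yyval.alg and aborts the parse
		 * with -1.
		 */
		int defklen;

		yyval.alg = newsainfoalg();
		if (yyval.alg == NULL) {
			yyerror("failed to get algorithm allocation");
			return -1;
		}

		yyval.alg->alg = algtype2doi(cur_algclass, yystack.l_mark[-1].num);
		if (yyval.alg->alg == -1) {
			yyerror("algorithm mismatched");
			racoon_free(yyval.alg);
			yyval.alg = NULL;
			return -1;
		}

		defklen = default_keylen(cur_algclass, yystack.l_mark[-1].num);
		if (defklen == 0) {
			/* A default of 0 means this algorithm takes no key length. */
			if (yystack.l_mark[0].num) {
				yyerror("keylen not allowed");
				racoon_free(yyval.alg);
				yyval.alg = NULL;
				return -1;
			}
		} else {
			if (yystack.l_mark[0].num && check_keylen(cur_algclass, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) {
				/*
				 * The cast makes the argument match %d; .num is printed
				 * with %lu elsewhere in this parser, so it is not an int.
				 */
				yyerror("invalid keylen %d", (int)yystack.l_mark[0].num);
				racoon_free(yyval.alg);
				yyval.alg = NULL;
				return -1;
			}
		}

		if (yystack.l_mark[0].num)
			yyval.alg->encklen = yystack.l_mark[0].num;
		else
			yyval.alg->encklen = defklen;

		/* check if it's supported algorithm by kernel */
		if (!(cur_algclass == algclass_ipsec_auth && yystack.l_mark[-1].num == algtype_non_auth)
		    && pk_checkalg(cur_algclass, yystack.l_mark[-1].num, yyval.alg->encklen)) {
			int a = algclass2doi(cur_algclass);
			int b = algtype2doi(cur_algclass, yystack.l_mark[-1].num);
			/* The name lookup below is done with the AH protocol id for auth algorithms. */
			if (a == IPSECDOI_ATTR_AUTH)
				a = IPSECDOI_PROTO_IPSEC_AH;
			yyerror("algorithm %s not supported by the kernel (missing module?)",
				s_ipsecdoi_trns(a, b));
			racoon_free(yyval.alg);
			yyval.alg = NULL;
			return -1;
		}
	}
	break;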
---|
3431 | case 231: |
---|
3432 | #line 1667 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3433 | { yyval.num = ~0; } |
---|
3434 | break; |
---|
3435 | case 232: |
---|
3436 | #line 1668 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3437 | { yyval.num = yystack.l_mark[0].num; } |
---|
3438 | break; |
---|
3439 | case 233: |
---|
3440 | #line 1671 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3441 | { yyval.num = IPSEC_PORT_ANY; } |
---|
3442 | break; |
---|
3443 | case 234: |
---|
3444 | #line 1672 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3445 | { yyval.num = yystack.l_mark[0].num; } |
---|
3446 | break; |
---|
3447 | case 235: |
---|
3448 | #line 1673 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3449 | { yyval.num = IPSEC_PORT_ANY; } |
---|
3450 | break; |
---|
3451 | case 236: |
---|
3452 | #line 1676 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3453 | { yyval.num = yystack.l_mark[0].num; } |
---|
3454 | break; |
---|
3455 | case 237: |
---|
3456 | #line 1677 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3457 | { yyval.num = yystack.l_mark[0].num; } |
---|
3458 | break; |
---|
3459 | case 238: |
---|
3460 | #line 1678 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3461 | { yyval.num = IPSEC_ULPROTO_ANY; } |
---|
3462 | break; |
---|
3463 | case 239: |
---|
3464 | #line 1681 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3465 | { yyval.num = 0; } |
---|
3466 | break; |
---|
3467 | case 240: |
---|
3468 | #line 1682 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3469 | { yyval.num = yystack.l_mark[0].num; } |
---|
3470 | break; |
---|
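case 241:
#line 1688 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Start a named remote configuration that inherits from another
		 * named one: l_mark[-2] is the new name, l_mark[0] the parent's
		 * name. The parent is copied with duprmconf_shallow() and the copy
		 * becomes cur_rmconf. Any failure aborts the parse with -1.
		 */
		struct remoteconf *from, *new;

		if (getrmconf_by_name(yystack.l_mark[-2].val->v) != NULL) {
			/*
			 * The message has a %s conversion, so the name must be passed;
			 * without it the conversion reads an argument that was never
			 * supplied.
			 */
			yyerror("named remoteconf \"%s\" already exists.",
				yystack.l_mark[-2].val->v);
			return -1;
		}

		from = getrmconf_by_name(yystack.l_mark[0].val->v);
		if (from == NULL) {
			yyerror("named parent remoteconf \"%s\" does not exist.",
				yystack.l_mark[0].val->v);
			return -1;
		}

		new = duprmconf_shallow(from);
		if (new == NULL) {
			yyerror("failed to duplicate remoteconf from \"%s\".",
				yystack.l_mark[0].val->v);
			return -1;
		}

		new->name = racoon_strdup(yystack.l_mark[-2].val->v);
		/* Same check the certificate action of this parser applies after racoon_strdup(). */
		STRDUP_FATAL(new->name);
		cur_rmconf = new;

		vfree(yystack.l_mark[-2].val);
		vfree(yystack.l_mark[0].val);
	}
	break;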
---|
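case 243:
#line 1718 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Start a new named remote configuration: l_mark[0] is the name.
		 * A fresh remoteconf from newrmconf() becomes cur_rmconf. Any
		 * failure aborts the parse with -1.
		 */
		struct remoteconf *new;

		if (getrmconf_by_name(yystack.l_mark[0].val->v) != NULL) {
			/*
			 * The message has a %s conversion, so the name must be passed;
			 * without it the conversion reads an argument that was never
			 * supplied.
			 */
			yyerror("Named remoteconf \"%s\" already exists.",
				yystack.l_mark[0].val->v);
			return -1;
		}

		new = newrmconf();
		if (new == NULL) {
			yyerror("failed to get new remoteconf.");
			return -1;
		}
		new->name = racoon_strdup(yystack.l_mark[0].val->v);
		/* Same check the certificate action of this parser applies after racoon_strdup(). */
		STRDUP_FATAL(new->name);
		cur_rmconf = new;

		vfree(yystack.l_mark[0].val);
	}
	break;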
---|
3523 | case 245: |
---|
3524 | #line 1738 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3525 | { |
---|
3526 | struct remoteconf *from, *new; |
---|
3527 | |
---|
3528 | from = getrmconf(yystack.l_mark[0].saddr, GETRMCONF_F_NO_ANONYMOUS); |
---|
3529 | if (from == NULL) { |
---|
3530 | yyerror("failed to get remoteconf for %s.", |
---|
3531 | saddr2str(yystack.l_mark[0].saddr)); |
---|
3532 | return -1; |
---|
3533 | } |
---|
3534 | |
---|
3535 | new = duprmconf_shallow(from); |
---|
3536 | if (new == NULL) { |
---|
3537 | yyerror("failed to duplicate remoteconf from %s.", |
---|
3538 | saddr2str(yystack.l_mark[0].saddr)); |
---|
3539 | return -1; |
---|
3540 | } |
---|
3541 | |
---|
3542 | racoon_free(yystack.l_mark[0].saddr); |
---|
3543 | new->remote = yystack.l_mark[-2].saddr; |
---|
3544 | cur_rmconf = new; |
---|
3545 | } |
---|
3546 | break; |
---|
3547 | case 247: |
---|
3548 | #line 1761 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3549 | { |
---|
3550 | struct remoteconf *new; |
---|
3551 | |
---|
3552 | new = newrmconf(); |
---|
3553 | if (new == NULL) { |
---|
3554 | yyerror("failed to get new remoteconf."); |
---|
3555 | return -1; |
---|
3556 | } |
---|
3557 | |
---|
3558 | new->remote = yystack.l_mark[0].saddr; |
---|
3559 | cur_rmconf = new; |
---|
3560 | } |
---|
3561 | break; |
---|
3562 | case 250: |
---|
3563 | #line 1779 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3564 | { |
---|
3565 | if (process_rmconf() != 0) |
---|
3566 | return -1; |
---|
3567 | } |
---|
3568 | break; |
---|
3569 | case 251: |
---|
3570 | #line 1787 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3571 | { |
---|
3572 | if (process_rmconf() != 0) |
---|
3573 | return -1; |
---|
3574 | } |
---|
3575 | break; |
---|
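case 252:
#line 1794 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Produce a sockaddr of family AF_UNSPEC that carries only the port
		 * from l_mark[0]. The port is written through a sockaddr_in view of
		 * the buffer.
		 * NOTE(review): htons() narrows the value to 16 bits and no range
		 * check is visible here; confirm the grammar or lexer bounds it.
		 */
		yyval.saddr = newsaddr(sizeof(struct sockaddr));
		/* Check the allocation before writing to it, as the next action does. */
		if (yyval.saddr == NULL) {
			yyerror("failed to allocate sockaddr");
			return -1;
		}
		yyval.saddr->sa_family = AF_UNSPEC;
		((struct sockaddr_in *)yyval.saddr)->sin_port = htons(yystack.l_mark[0].num);
	}
	break;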
---|
3584 | case 253: |
---|
3585 | #line 1800 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3586 | { |
---|
3587 | yyval.saddr = yystack.l_mark[0].saddr; |
---|
3588 | if (yyval.saddr == NULL) { |
---|
3589 | yyerror("failed to allocate sockaddr"); |
---|
3590 | return -1; |
---|
3591 | } |
---|
3592 | } |
---|
3593 | break; |
---|
3594 | case 256: |
---|
3595 | #line 1814 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3596 | { |
---|
3597 | if (cur_rmconf->remote != NULL) { |
---|
3598 | yyerror("remote_address already specified"); |
---|
3599 | return -1; |
---|
3600 | } |
---|
3601 | cur_rmconf->remote = yystack.l_mark[0].saddr; |
---|
3602 | } |
---|
3603 | break; |
---|
3604 | case 258: |
---|
3605 | #line 1823 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3606 | { |
---|
3607 | cur_rmconf->etypes = NULL; |
---|
3608 | } |
---|
3609 | break; |
---|
3610 | case 260: |
---|
3611 | #line 1827 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3612 | { cur_rmconf->doitype = yystack.l_mark[0].num; } |
---|
3613 | break; |
---|
3614 | case 262: |
---|
3615 | #line 1828 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3616 | { cur_rmconf->sittype = yystack.l_mark[0].num; } |
---|
3617 | break; |
---|
3618 | case 265: |
---|
3619 | #line 1831 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3620 | { |
---|
3621 | yywarn("This directive without certtype will be removed!\n"); |
---|
3622 | yywarn("Please use 'peers_certfile x509 \"%s\";' instead\n", yystack.l_mark[0].val->v); |
---|
3623 | |
---|
3624 | if (cur_rmconf->peerscert != NULL) { |
---|
3625 | yyerror("peers_certfile already defined\n"); |
---|
3626 | return -1; |
---|
3627 | } |
---|
3628 | |
---|
3629 | if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile, |
---|
3630 | &cur_rmconf->peerscert)) { |
---|
3631 | yyerror("failed to load certificate \"%s\"\n", |
---|
3632 | yystack.l_mark[0].val->v); |
---|
3633 | return -1; |
---|
3634 | } |
---|
3635 | |
---|
3636 | vfree(yystack.l_mark[0].val); |
---|
3637 | } |
---|
3638 | break; |
---|
3639 | case 267: |
---|
3640 | #line 1851 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3641 | { |
---|
3642 | if (cur_rmconf->peerscert != NULL) { |
---|
3643 | yyerror("peers_certfile already defined\n"); |
---|
3644 | return -1; |
---|
3645 | } |
---|
3646 | |
---|
3647 | if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->peerscertfile, |
---|
3648 | &cur_rmconf->peerscert)) { |
---|
3649 | yyerror("failed to load certificate \"%s\"\n", |
---|
3650 | yystack.l_mark[0].val->v); |
---|
3651 | return -1; |
---|
3652 | } |
---|
3653 | |
---|
3654 | vfree(yystack.l_mark[0].val); |
---|
3655 | } |
---|
3656 | break; |
---|
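case 269:
#line 1868 "../../ipsec-tools/src/racoon/cfparse.y"
	{
		/*
		 * Register a plain-RSA public key file for the peer: peerscert
		 * becomes a one-byte buffer holding ISAKMP_CERT_PLAINRSA, and the
		 * key file named by l_mark[0] (resolved with getpathname()) is
		 * parsed into cur_rmconf->rsa_public. Any failure aborts the parse
		 * with -1.
		 */
		char path[MAXPATHLEN];

		if (cur_rmconf->peerscert != NULL) {
			yyerror("peers_certfile already defined\n");
			return -1;
		}

		cur_rmconf->peerscert = vmalloc(1);
		if (cur_rmconf->peerscert == NULL) {
			yyerror("failed to allocate peerscert");
			return -1;
		}
		cur_rmconf->peerscert->v[0] = ISAKMP_CERT_PLAINRSA;

		getpathname(path, sizeof(path),
			LC_PATHTYPE_CERT, yystack.l_mark[0].val->v);
		if (rsa_parse_file(cur_rmconf->rsa_public, path,
				   RSA_TYPE_PUBLIC)) {
			/*
			 * The path was passed without a conversion for it, so it
			 * never appeared in the message; print it.
			 */
			yyerror("Couldn't parse keyfile %s.\n", path);
			return -1;
		}
		plog(LLV_DEBUG, LOCATION, NULL,
		     "Public PlainRSA keyfile parsed: %s\n", path);

		vfree(yystack.l_mark[0].val);
	}
	break;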
---|
3688 | case 271: |
---|
3689 | #line 1898 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3690 | { |
---|
3691 | if (cur_rmconf->peerscert != NULL) { |
---|
3692 | yyerror("peers_certfile already defined\n"); |
---|
3693 | return -1; |
---|
3694 | } |
---|
3695 | cur_rmconf->peerscert = vmalloc(1); |
---|
3696 | if (cur_rmconf->peerscert == NULL) { |
---|
3697 | yyerror("failed to allocate peerscert"); |
---|
3698 | return -1; |
---|
3699 | } |
---|
3700 | cur_rmconf->peerscert->v[0] = ISAKMP_CERT_DNS; |
---|
3701 | } |
---|
3702 | break; |
---|
3703 | case 273: |
---|
3704 | #line 1912 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3705 | { |
---|
3706 | if (cur_rmconf->cacert != NULL) { |
---|
3707 | yyerror("ca_type already defined\n"); |
---|
3708 | return -1; |
---|
3709 | } |
---|
3710 | |
---|
3711 | if (load_x509(yystack.l_mark[0].val->v, &cur_rmconf->cacertfile, |
---|
3712 | &cur_rmconf->cacert)) { |
---|
3713 | yyerror("failed to load certificate \"%s\"\n", |
---|
3714 | yystack.l_mark[0].val->v); |
---|
3715 | return -1; |
---|
3716 | } |
---|
3717 | |
---|
3718 | vfree(yystack.l_mark[0].val); |
---|
3719 | } |
---|
3720 | break; |
---|
3721 | case 275: |
---|
3722 | #line 1928 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3723 | { cur_rmconf->verify_cert = yystack.l_mark[0].num; } |
---|
3724 | break; |
---|
3725 | case 277: |
---|
3726 | #line 1929 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3727 | { cur_rmconf->send_cert = yystack.l_mark[0].num; } |
---|
3728 | break; |
---|
3729 | case 279: |
---|
3730 | #line 1930 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3731 | { cur_rmconf->send_cr = yystack.l_mark[0].num; } |
---|
3732 | break; |
---|
3733 | case 281: |
---|
3734 | #line 1931 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3735 | { cur_rmconf->match_empty_cr = yystack.l_mark[0].num; } |
---|
3736 | break; |
---|
3737 | case 283: |
---|
3738 | #line 1933 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3739 | { |
---|
3740 | if (set_identifier(&cur_rmconf->idv, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { |
---|
3741 | yyerror("failed to set identifer.\n"); |
---|
3742 | return -1; |
---|
3743 | } |
---|
3744 | cur_rmconf->idvtype = yystack.l_mark[-1].num; |
---|
3745 | } |
---|
3746 | break; |
---|
3747 | case 285: |
---|
3748 | #line 1942 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3749 | { |
---|
3750 | if (set_identifier_qual(&cur_rmconf->idv, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) { |
---|
3751 | yyerror("failed to set identifer.\n"); |
---|
3752 | return -1; |
---|
3753 | } |
---|
3754 | cur_rmconf->idvtype = yystack.l_mark[-2].num; |
---|
3755 | } |
---|
3756 | break; |
---|
3757 | case 287: |
---|
3758 | #line 1951 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3759 | { |
---|
3760 | #ifdef ENABLE_HYBRID |
---|
3761 | /* formerly identifier type login */ |
---|
3762 | if (xauth_rmconf_used(&cur_rmconf->xauth) == -1) { |
---|
3763 | yyerror("failed to allocate xauth state\n"); |
---|
3764 | return -1; |
---|
3765 | } |
---|
3766 | if ((cur_rmconf->xauth->login = vdup(yystack.l_mark[0].val)) == NULL) { |
---|
3767 | yyerror("failed to set identifer.\n"); |
---|
3768 | return -1; |
---|
3769 | } |
---|
3770 | #else |
---|
3771 | yyerror("racoon not configured with --enable-hybrid"); |
---|
3772 | #endif |
---|
3773 | } |
---|
3774 | break; |
---|
3775 | case 289: |
---|
3776 | #line 1968 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3777 | { |
---|
3778 | struct idspec *id; |
---|
3779 | id = newidspec(); |
---|
3780 | if (id == NULL) { |
---|
3781 | yyerror("failed to allocate idspec"); |
---|
3782 | return -1; |
---|
3783 | } |
---|
3784 | if (set_identifier(&id->id, yystack.l_mark[-1].num, yystack.l_mark[0].val) != 0) { |
---|
3785 | yyerror("failed to set identifer.\n"); |
---|
3786 | racoon_free(id); |
---|
3787 | return -1; |
---|
3788 | } |
---|
3789 | id->idtype = yystack.l_mark[-1].num; |
---|
3790 | genlist_append (cur_rmconf->idvl_p, id); |
---|
3791 | } |
---|
3792 | break; |
---|
3793 | case 291: |
---|
3794 | #line 1985 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3795 | { |
---|
3796 | struct idspec *id; |
---|
3797 | id = newidspec(); |
---|
3798 | if (id == NULL) { |
---|
3799 | yyerror("failed to allocate idspec"); |
---|
3800 | return -1; |
---|
3801 | } |
---|
3802 | if (set_identifier_qual(&id->id, yystack.l_mark[-2].num, yystack.l_mark[0].val, yystack.l_mark[-1].num) != 0) { |
---|
3803 | yyerror("failed to set identifer.\n"); |
---|
3804 | racoon_free(id); |
---|
3805 | return -1; |
---|
3806 | } |
---|
3807 | id->idtype = yystack.l_mark[-2].num; |
---|
3808 | genlist_append (cur_rmconf->idvl_p, id); |
---|
3809 | } |
---|
3810 | break; |
---|
3811 | case 293: |
---|
3812 | #line 2001 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3813 | { cur_rmconf->verify_identifier = yystack.l_mark[0].num; } |
---|
3814 | break; |
---|
3815 | case 295: |
---|
3816 | #line 2002 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3817 | { cur_rmconf->nonce_size = yystack.l_mark[0].num; } |
---|
3818 | break; |
---|
3819 | case 297: |
---|
3820 | #line 2004 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3821 | { |
---|
3822 | yyerror("dh_group cannot be defined here."); |
---|
3823 | return -1; |
---|
3824 | } |
---|
3825 | break; |
---|
3826 | case 299: |
---|
3827 | #line 2009 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3828 | { cur_rmconf->passive = yystack.l_mark[0].num; } |
---|
3829 | break; |
---|
3830 | case 301: |
---|
3831 | #line 2010 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3832 | { cur_rmconf->ike_frag = yystack.l_mark[0].num; } |
---|
3833 | break; |
---|
3834 | case 303: |
---|
3835 | #line 2011 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3836 | { cur_rmconf->ike_frag = ISAKMP_FRAG_FORCE; } |
---|
3837 | break; |
---|
3838 | case 305: |
---|
3839 | #line 2012 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3840 | { |
---|
3841 | #ifdef SADB_X_EXT_NAT_T_FRAG |
---|
3842 | if (libipsec_opt & LIBIPSEC_OPT_FRAG) |
---|
3843 | cur_rmconf->esp_frag = yystack.l_mark[0].num; |
---|
3844 | else |
---|
3845 | yywarn("libipsec lacks IKE frag support"); |
---|
3846 | #else |
---|
3847 | yywarn("Your kernel does not support esp_frag"); |
---|
3848 | #endif |
---|
3849 | } |
---|
3850 | break; |
---|
3851 | case 307: |
---|
3852 | #line 2022 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3853 | { |
---|
3854 | if (cur_rmconf->script[SCRIPT_PHASE1_UP] != NULL) |
---|
3855 | vfree(cur_rmconf->script[SCRIPT_PHASE1_UP]); |
---|
3856 | |
---|
3857 | cur_rmconf->script[SCRIPT_PHASE1_UP] = |
---|
3858 | script_path_add(vdup(yystack.l_mark[-1].val)); |
---|
3859 | } |
---|
3860 | break; |
---|
3861 | case 309: |
---|
3862 | #line 2029 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3863 | { |
---|
3864 | if (cur_rmconf->script[SCRIPT_PHASE1_DOWN] != NULL) |
---|
3865 | vfree(cur_rmconf->script[SCRIPT_PHASE1_DOWN]); |
---|
3866 | |
---|
3867 | cur_rmconf->script[SCRIPT_PHASE1_DOWN] = |
---|
3868 | script_path_add(vdup(yystack.l_mark[-1].val)); |
---|
3869 | } |
---|
3870 | break; |
---|
3871 | case 311: |
---|
3872 | #line 2036 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3873 | { |
---|
3874 | if (cur_rmconf->script[SCRIPT_PHASE1_DEAD] != NULL) |
---|
3875 | vfree(cur_rmconf->script[SCRIPT_PHASE1_DEAD]); |
---|
3876 | |
---|
3877 | cur_rmconf->script[SCRIPT_PHASE1_DEAD] = |
---|
3878 | script_path_add(vdup(yystack.l_mark[-1].val)); |
---|
3879 | } |
---|
3880 | break; |
---|
3881 | case 313: |
---|
3882 | #line 2043 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3883 | { cur_rmconf->mode_cfg = yystack.l_mark[0].num; } |
---|
3884 | break; |
---|
3885 | case 315: |
---|
3886 | #line 2044 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3887 | { |
---|
3888 | cur_rmconf->weak_phase1_check = yystack.l_mark[0].num; |
---|
3889 | } |
---|
3890 | break; |
---|
3891 | case 317: |
---|
3892 | #line 2047 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3893 | { cur_rmconf->gen_policy = yystack.l_mark[0].num; } |
---|
3894 | break; |
---|
3895 | case 319: |
---|
3896 | #line 2048 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3897 | { cur_rmconf->gen_policy = yystack.l_mark[0].num; } |
---|
3898 | break; |
---|
3899 | case 321: |
---|
3900 | #line 2049 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3901 | { cur_rmconf->support_proxy = yystack.l_mark[0].num; } |
---|
3902 | break; |
---|
3903 | case 323: |
---|
3904 | #line 2050 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3905 | { cur_rmconf->ini_contact = yystack.l_mark[0].num; } |
---|
3906 | break; |
---|
3907 | case 325: |
---|
3908 | #line 2052 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3909 | { |
---|
3910 | #ifdef ENABLE_NATT |
---|
3911 | if (libipsec_opt & LIBIPSEC_OPT_NATT) |
---|
3912 | cur_rmconf->nat_traversal = yystack.l_mark[0].num; |
---|
3913 | else |
---|
3914 | yyerror("libipsec lacks NAT-T support"); |
---|
3915 | #else |
---|
3916 | yyerror("NAT-T support not compiled in."); |
---|
3917 | #endif |
---|
3918 | } |
---|
3919 | break; |
---|
3920 | case 327: |
---|
3921 | #line 2063 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3922 | { |
---|
3923 | #ifdef ENABLE_NATT |
---|
3924 | if (libipsec_opt & LIBIPSEC_OPT_NATT) |
---|
3925 | cur_rmconf->nat_traversal = NATT_FORCE; |
---|
3926 | else |
---|
3927 | yyerror("libipsec lacks NAT-T support"); |
---|
3928 | #else |
---|
3929 | yyerror("NAT-T support not compiled in."); |
---|
3930 | #endif |
---|
3931 | } |
---|
3932 | break; |
---|
3933 | case 329: |
---|
3934 | #line 2074 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3935 | { |
---|
3936 | #ifdef ENABLE_DPD |
---|
3937 | cur_rmconf->dpd = yystack.l_mark[0].num; |
---|
3938 | #else |
---|
3939 | yyerror("DPD support not compiled in."); |
---|
3940 | #endif |
---|
3941 | } |
---|
3942 | break; |
---|
3943 | case 331: |
---|
3944 | #line 2082 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3945 | { |
---|
3946 | #ifdef ENABLE_DPD |
---|
3947 | cur_rmconf->dpd_interval = yystack.l_mark[0].num; |
---|
3948 | #else |
---|
3949 | yyerror("DPD support not compiled in."); |
---|
3950 | #endif |
---|
3951 | } |
---|
3952 | break; |
---|
3953 | case 333: |
---|
3954 | #line 2091 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3955 | { |
---|
3956 | #ifdef ENABLE_DPD |
---|
3957 | cur_rmconf->dpd_retry = yystack.l_mark[0].num; |
---|
3958 | #else |
---|
3959 | yyerror("DPD support not compiled in."); |
---|
3960 | #endif |
---|
3961 | } |
---|
3962 | break; |
---|
3963 | case 335: |
---|
3964 | #line 2100 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3965 | { |
---|
3966 | #ifdef ENABLE_DPD |
---|
3967 | cur_rmconf->dpd_maxfails = yystack.l_mark[0].num; |
---|
3968 | #else |
---|
3969 | yyerror("DPD support not compiled in."); |
---|
3970 | #endif |
---|
3971 | } |
---|
3972 | break; |
---|
3973 | case 337: |
---|
3974 | #line 2108 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3975 | { cur_rmconf->rekey = yystack.l_mark[0].num; } |
---|
3976 | break; |
---|
3977 | case 339: |
---|
3978 | #line 2109 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3979 | { cur_rmconf->rekey = REKEY_FORCE; } |
---|
3980 | break; |
---|
3981 | case 341: |
---|
3982 | #line 2111 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3983 | { |
---|
3984 | cur_rmconf->ph1id = yystack.l_mark[0].num; |
---|
3985 | } |
---|
3986 | break; |
---|
3987 | case 343: |
---|
3988 | #line 2116 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3989 | { |
---|
3990 | cur_rmconf->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; |
---|
3991 | } |
---|
3992 | break; |
---|
3993 | case 345: |
---|
3994 | #line 2120 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3995 | { cur_rmconf->pcheck_level = yystack.l_mark[0].num; } |
---|
3996 | break; |
---|
3997 | case 347: |
---|
3998 | #line 2122 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
3999 | { |
---|
4000 | #if 1 |
---|
4001 | yyerror("byte lifetime support is deprecated in Phase1"); |
---|
4002 | return -1; |
---|
4003 | #else |
---|
4004 | yywarn("the lifetime of bytes in phase 1 " |
---|
4005 | "will be ignored at the moment."); |
---|
4006 | cur_rmconf->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); |
---|
4007 | if (cur_rmconf->lifebyte == 0) |
---|
4008 | return -1; |
---|
4009 | #endif |
---|
4010 | } |
---|
4011 | break; |
---|
4012 | case 349: |
---|
4013 | #line 2136 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4014 | { |
---|
4015 | struct secprotospec *spspec; |
---|
4016 | |
---|
4017 | spspec = newspspec(); |
---|
4018 | if (spspec == NULL) |
---|
4019 | return -1; |
---|
4020 | insspspec(cur_rmconf, spspec); |
---|
4021 | } |
---|
4022 | break; |
---|
4023 | case 352: |
---|
4024 | #line 2149 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4025 | { |
---|
4026 | struct etypes *new; |
---|
4027 | new = racoon_malloc(sizeof(struct etypes)); |
---|
4028 | if (new == NULL) { |
---|
4029 | yyerror("failed to allocate etypes"); |
---|
4030 | return -1; |
---|
4031 | } |
---|
4032 | new->type = yystack.l_mark[0].num; |
---|
4033 | new->next = NULL; |
---|
4034 | if (cur_rmconf->etypes == NULL) |
---|
4035 | cur_rmconf->etypes = new; |
---|
4036 | else { |
---|
4037 | struct etypes *p; |
---|
4038 | for (p = cur_rmconf->etypes; |
---|
4039 | p->next != NULL; |
---|
4040 | p = p->next) |
---|
4041 | ; |
---|
4042 | p->next = new; |
---|
4043 | } |
---|
4044 | } |
---|
4045 | break; |
---|
4046 | case 353: |
---|
4047 | #line 2172 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4048 | { |
---|
4049 | if (cur_rmconf->mycert != NULL) { |
---|
4050 | yyerror("certificate_type already defined\n"); |
---|
4051 | return -1; |
---|
4052 | } |
---|
4053 | |
---|
4054 | if (load_x509(yystack.l_mark[-1].val->v, &cur_rmconf->mycertfile, |
---|
4055 | &cur_rmconf->mycert)) { |
---|
4056 | yyerror("failed to load certificate \"%s\"\n", |
---|
4057 | yystack.l_mark[-1].val->v); |
---|
4058 | return -1; |
---|
4059 | } |
---|
4060 | |
---|
4061 | cur_rmconf->myprivfile = racoon_strdup(yystack.l_mark[0].val->v); |
---|
4062 | STRDUP_FATAL(cur_rmconf->myprivfile); |
---|
4063 | |
---|
4064 | vfree(yystack.l_mark[-1].val); |
---|
4065 | vfree(yystack.l_mark[0].val); |
---|
4066 | } |
---|
4067 | break; |
---|
4068 | case 355: |
---|
4069 | #line 2193 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4070 | { |
---|
4071 | char path[MAXPATHLEN]; |
---|
4072 | int ret = 0; |
---|
4073 | |
---|
4074 | if (cur_rmconf->mycert != NULL) { |
---|
4075 | yyerror("certificate_type already defined\n"); |
---|
4076 | return -1; |
---|
4077 | } |
---|
4078 | |
---|
4079 | cur_rmconf->mycert = vmalloc(1); |
---|
4080 | if (cur_rmconf->mycert == NULL) { |
---|
4081 | yyerror("failed to allocate mycert"); |
---|
4082 | return -1; |
---|
4083 | } |
---|
4084 | cur_rmconf->mycert->v[0] = ISAKMP_CERT_PLAINRSA; |
---|
4085 | |
---|
4086 | getpathname(path, sizeof(path), |
---|
4087 | LC_PATHTYPE_CERT, yystack.l_mark[0].val->v); |
---|
4088 | cur_rmconf->send_cr = FALSE; |
---|
4089 | cur_rmconf->send_cert = FALSE; |
---|
4090 | cur_rmconf->verify_cert = FALSE; |
---|
4091 | if (rsa_parse_file(cur_rmconf->rsa_private, path, |
---|
4092 | RSA_TYPE_PRIVATE)) { |
---|
4093 | yyerror("Couldn't parse keyfile.\n", path); |
---|
4094 | return -1; |
---|
4095 | } |
---|
4096 | plog(LLV_DEBUG, LOCATION, NULL, |
---|
4097 | "Private PlainRSA keyfile parsed: %s\n", path); |
---|
4098 | vfree(yystack.l_mark[0].val); |
---|
4099 | } |
---|
4100 | break; |
---|
4101 | case 357: |
---|
4102 | #line 2227 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4103 | { |
---|
4104 | yyval.num = algtype2doi(algclass_isakmp_dh, yystack.l_mark[0].num); |
---|
4105 | if (yyval.num == -1) { |
---|
4106 | yyerror("must be DH group"); |
---|
4107 | return -1; |
---|
4108 | } |
---|
4109 | } |
---|
4110 | break; |
---|
4111 | case 358: |
---|
4112 | #line 2235 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4113 | { |
---|
4114 | if (ARRAYLEN(num2dhgroup) > yystack.l_mark[0].num && num2dhgroup[yystack.l_mark[0].num] != 0) { |
---|
4115 | yyval.num = num2dhgroup[yystack.l_mark[0].num]; |
---|
4116 | } else { |
---|
4117 | yyerror("must be DH group"); |
---|
4118 | yyval.num = 0; |
---|
4119 | return -1; |
---|
4120 | } |
---|
4121 | } |
---|
4122 | break; |
---|
4123 | case 359: |
---|
4124 | #line 2246 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4125 | { yyval.val = NULL; } |
---|
4126 | break; |
---|
4127 | case 360: |
---|
4128 | #line 2247 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4129 | { yyval.val = yystack.l_mark[0].val; } |
---|
4130 | break; |
---|
4131 | case 361: |
---|
4132 | #line 2248 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4133 | { yyval.val = yystack.l_mark[0].val; } |
---|
4134 | break; |
---|
4135 | case 364: |
---|
4136 | #line 2256 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4137 | { |
---|
4138 | cur_rmconf->spspec->lifetime = yystack.l_mark[-1].num * yystack.l_mark[0].num; |
---|
4139 | } |
---|
4140 | break; |
---|
4141 | case 366: |
---|
4142 | #line 2261 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4143 | { |
---|
4144 | #if 1 |
---|
4145 | yyerror("byte lifetime support is deprecated"); |
---|
4146 | return -1; |
---|
4147 | #else |
---|
4148 | cur_rmconf->spspec->lifebyte = fix_lifebyte(yystack.l_mark[-1].num * yystack.l_mark[0].num); |
---|
4149 | if (cur_rmconf->spspec->lifebyte == 0) |
---|
4150 | return -1; |
---|
4151 | #endif |
---|
4152 | } |
---|
4153 | break; |
---|
4154 | case 368: |
---|
4155 | #line 2273 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4156 | { |
---|
4157 | cur_rmconf->spspec->algclass[algclass_isakmp_dh] = yystack.l_mark[0].num; |
---|
4158 | } |
---|
4159 | break; |
---|
4160 | case 370: |
---|
4161 | #line 2278 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4162 | { |
---|
4163 | if (cur_rmconf->spspec->vendorid != VENDORID_GSSAPI) { |
---|
4164 | yyerror("wrong Vendor ID for gssapi_id"); |
---|
4165 | return -1; |
---|
4166 | } |
---|
4167 | if (cur_rmconf->spspec->gssid != NULL) |
---|
4168 | racoon_free(cur_rmconf->spspec->gssid); |
---|
4169 | cur_rmconf->spspec->gssid = |
---|
4170 | racoon_strdup(yystack.l_mark[0].val->v); |
---|
4171 | STRDUP_FATAL(cur_rmconf->spspec->gssid); |
---|
4172 | } |
---|
4173 | break; |
---|
4174 | case 372: |
---|
4175 | #line 2291 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4176 | { |
---|
4177 | int doi; |
---|
4178 | int defklen; |
---|
4179 | |
---|
4180 | doi = algtype2doi(yystack.l_mark[-2].num, yystack.l_mark[-1].num); |
---|
4181 | if (doi == -1) { |
---|
4182 | yyerror("algorithm mismatched 1"); |
---|
4183 | return -1; |
---|
4184 | } |
---|
4185 | |
---|
4186 | switch (yystack.l_mark[-2].num) { |
---|
4187 | case algclass_isakmp_enc: |
---|
4188 | /* reject suppressed algorithms */ |
---|
4189 | #ifndef HAVE_OPENSSL_RC5_H |
---|
4190 | if (yystack.l_mark[-1].num == algtype_rc5) { |
---|
4191 | yyerror("algorithm %s not supported", |
---|
4192 | s_attr_isakmp_enc(doi)); |
---|
4193 | return -1; |
---|
4194 | } |
---|
4195 | #endif |
---|
4196 | #ifndef HAVE_OPENSSL_IDEA_H |
---|
4197 | if (yystack.l_mark[-1].num == algtype_idea) { |
---|
4198 | yyerror("algorithm %s not supported", |
---|
4199 | s_attr_isakmp_enc(doi)); |
---|
4200 | return -1; |
---|
4201 | } |
---|
4202 | #endif |
---|
4203 | |
---|
4204 | cur_rmconf->spspec->algclass[algclass_isakmp_enc] = doi; |
---|
4205 | defklen = default_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num); |
---|
4206 | if (defklen == 0) { |
---|
4207 | if (yystack.l_mark[0].num) { |
---|
4208 | yyerror("keylen not allowed"); |
---|
4209 | return -1; |
---|
4210 | } |
---|
4211 | } else { |
---|
4212 | if (yystack.l_mark[0].num && check_keylen(yystack.l_mark[-2].num, yystack.l_mark[-1].num, yystack.l_mark[0].num) < 0) { |
---|
4213 | yyerror("invalid keylen %d", yystack.l_mark[0].num); |
---|
4214 | return -1; |
---|
4215 | } |
---|
4216 | } |
---|
4217 | if (yystack.l_mark[0].num) |
---|
4218 | cur_rmconf->spspec->encklen = yystack.l_mark[0].num; |
---|
4219 | else |
---|
4220 | cur_rmconf->spspec->encklen = defklen; |
---|
4221 | break; |
---|
4222 | case algclass_isakmp_hash: |
---|
4223 | cur_rmconf->spspec->algclass[algclass_isakmp_hash] = doi; |
---|
4224 | break; |
---|
4225 | case algclass_isakmp_ameth: |
---|
4226 | cur_rmconf->spspec->algclass[algclass_isakmp_ameth] = doi; |
---|
4227 | /* |
---|
4228 | * We may have to set the Vendor ID for the |
---|
4229 | * authentication method we're using. |
---|
4230 | */ |
---|
4231 | switch (yystack.l_mark[-1].num) { |
---|
4232 | case algtype_gssapikrb: |
---|
4233 | if (cur_rmconf->spspec->vendorid != |
---|
4234 | VENDORID_UNKNOWN) { |
---|
4235 | yyerror("Vendor ID mismatch " |
---|
4236 | "for auth method"); |
---|
4237 | return -1; |
---|
4238 | } |
---|
4239 | /* |
---|
4240 | * For interoperability with Win2k, |
---|
4241 | * we set the Vendor ID to "GSSAPI". |
---|
4242 | */ |
---|
4243 | cur_rmconf->spspec->vendorid = |
---|
4244 | VENDORID_GSSAPI; |
---|
4245 | break; |
---|
4246 | case algtype_rsasig: |
---|
4247 | if (oakley_get_certtype(cur_rmconf->peerscert) == ISAKMP_CERT_PLAINRSA) { |
---|
4248 | if (rsa_list_count(cur_rmconf->rsa_private) == 0) { |
---|
4249 | yyerror ("Private PlainRSA key not set. " |
---|
4250 | "Use directive 'certificate_type plainrsa ...'\n"); |
---|
4251 | return -1; |
---|
4252 | } |
---|
4253 | if (rsa_list_count(cur_rmconf->rsa_public) == 0) { |
---|
4254 | yyerror ("Public PlainRSA keys not set. " |
---|
4255 | "Use directive 'peers_certfile plainrsa ...'\n"); |
---|
4256 | return -1; |
---|
4257 | } |
---|
4258 | } |
---|
4259 | break; |
---|
4260 | default: |
---|
4261 | break; |
---|
4262 | } |
---|
4263 | break; |
---|
4264 | default: |
---|
4265 | yyerror("algorithm mismatched 2"); |
---|
4266 | return -1; |
---|
4267 | } |
---|
4268 | } |
---|
4269 | break; |
---|
4270 | case 374: |
---|
4271 | #line 2388 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4272 | { yyval.num = 1; } |
---|
4273 | break; |
---|
4274 | case 375: |
---|
4275 | #line 2389 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4276 | { yyval.num = 60; } |
---|
4277 | break; |
---|
4278 | case 376: |
---|
4279 | #line 2390 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4280 | { yyval.num = (60 * 60); } |
---|
4281 | break; |
---|
4282 | case 377: |
---|
4283 | #line 2393 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4284 | { yyval.num = 1; } |
---|
4285 | break; |
---|
4286 | case 378: |
---|
4287 | #line 2394 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4288 | { yyval.num = 1024; } |
---|
4289 | break; |
---|
4290 | case 379: |
---|
4291 | #line 2395 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4292 | { yyval.num = (1024 * 1024); } |
---|
4293 | break; |
---|
4294 | case 380: |
---|
4295 | #line 2396 "../../ipsec-tools/src/racoon/cfparse.y" |
---|
4296 | { yyval.num = (1024 * 1024 * 1024); } |
---|
4297 | break; |
---|
4298 | #line 4299 "racoonyy.tab.c" |
---|
4299 | } |
---|
4300 | yystack.s_mark -= yym; |
---|
4301 | yystate = *yystack.s_mark; |
---|
4302 | yystack.l_mark -= yym; |
---|
4303 | yym = yylhs[yyn]; |
---|
4304 | if (yystate == 0 && yym == 0) |
---|
4305 | { |
---|
4306 | #if YYDEBUG |
---|
4307 | if (yydebug) |
---|
4308 | printf("%sdebug: after reduction, shifting from state 0 to\ |
---|
4309 | state %d\n", YYPREFIX, YYFINAL); |
---|
4310 | #endif |
---|
4311 | yystate = YYFINAL; |
---|
4312 | *++yystack.s_mark = YYFINAL; |
---|
4313 | *++yystack.l_mark = yyval; |
---|
4314 | if (yychar < 0) |
---|
4315 | { |
---|
4316 | yychar = YYLEX; |
---|
4317 | if (yychar < 0) yychar = YYEOF; |
---|
4318 | #if YYDEBUG |
---|
4319 | if (yydebug) |
---|
4320 | { |
---|
4321 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
4322 | printf("%sdebug: state %d, reading %d (%s)\n", |
---|
4323 | YYPREFIX, YYFINAL, yychar, yys); |
---|
4324 | } |
---|
4325 | #endif |
---|
4326 | } |
---|
4327 | if (yychar == YYEOF) goto yyaccept; |
---|
4328 | goto yyloop; |
---|
4329 | } |
---|
4330 | if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 && |
---|
4331 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate) |
---|
4332 | yystate = yytable[yyn]; |
---|
4333 | else |
---|
4334 | yystate = yydgoto[yym]; |
---|
4335 | #if YYDEBUG |
---|
4336 | if (yydebug) |
---|
4337 | printf("%sdebug: after reduction, shifting from state %d \ |
---|
4338 | to state %d\n", YYPREFIX, *yystack.s_mark, yystate); |
---|
4339 | #endif |
---|
4340 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
4341 | *++yystack.s_mark = (YYINT) yystate; |
---|
4342 | *++yystack.l_mark = yyval; |
---|
4343 | goto yyloop; |
---|
4344 | |
---|
4345 | yyoverflow: |
---|
4346 | YYERROR_CALL("yacc stack overflow"); |
---|
4347 | |
---|
4348 | yyabort: |
---|
4349 | yyfreestack(&yystack); |
---|
4350 | return (1); |
---|
4351 | |
---|
4352 | yyaccept: |
---|
4353 | yyfreestack(&yystack); |
---|
4354 | return (0); |
---|
4355 | } |
---|